[apple/network_cmds.git] / tftpd.tproj / tftpd.8

.\"	$NetBSD: tftpd.8,v 1.21 2003/08/07 09:46:53 agc Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)tftpd.8	8.1 (Berkeley) 6/4/93
.\"
.Dd June 11, 2003
.Dt TFTPD 8
.Os
.Sh NAME
.Nm tftpd
.Nd
.Tn DARPA
Internet Trivial File Transfer Protocol server
.Sh SYNOPSIS
.Nm
.Op Fl d
.Op Fl g Ar group
.Op Fl i
.Op Fl l
.Op Fl n
.Op Fl s Ar directory
.Op Fl u Ar user
.Op Ar directory ...
.Sh DESCRIPTION
.Nm
is a server which supports the
.Tn DARPA
Trivial File Transfer Protocol.
The
.Tn TFTP
server operates at the port indicated in the
.Ql tftp
service description; see
.Xr services 5 .
The server is normally started by
.Xr inetd 8 .
.Pp
The use of
.Xr tftp 1
does not require an account or password on the remote system.
Due to the lack of authentication information,
.Nm
will allow only publicly readable files to be accessed.
Filenames beginning in ``\|\fB.\|.\fP\|/'' or
containing ``/\|\fB.\|.\fP\|/'' are not allowed.
Files may be written to only if they already exist and are publicly writable.
.Pp
Note that this extends the concept of
.Qq public
to include
all users on all hosts that can be reached through the network;
this may not be appropriate on all systems, and its implications
should be considered before enabling tftp service.
The server should have the user ID with the lowest possible privilege.
.Pp
Access to files may be restricted by invoking
.Nm
with a list of directories by including up to 20 pathnames
as server program arguments in
.Pa /etc/inetd.conf .
In this case access is restricted to files whose
names are prefixed by the one of the given directories.
The given directories are also treated as a search path for
relative filename requests.
.Pp
The options are:
.Bl -tag -width "directory"
.It Fl d
Enable verbose debugging messages to
.Xr syslogd 8 .
.It Fl g Ar group
Change gid to that of
.Ar group
on startup.
If this isn't specified, the gid is set to that of the
.Ar user
specified with
.Fl u .
.It Fl i
Enable insecure mode, no
.Xr realpath 3 .
.It Fl l
Logs all requests using
.Xr syslog 3 .
.It Fl n
Suppresses negative acknowledgement of requests for nonexistent
relative filenames.
.It Fl s Ar directory
.Nm
will
.Xr chroot 2
to
.Ar directory
on startup.
This is recommended for security reasons (so that files other than
those in the
.Pa /tftpboot
directory aren't accessible).
If the remote host passes the directory name as part of the
file name to transfer, you may have to create a symbolic link
from
.Sq tftpboot
to
.Sq \&.
under
.Pa /tftpboot .
.It Fl u Ar user
Change uid to that of
.Ar user
on startup.
If
.Fl u
isn't given,
.Ar user
defaults to
.Dq nobody .
If
.Fl g
isn't also given, change the gid to that of
.Ar user
as well.
.El
.Sh SEE ALSO
.Xr tftp 1 ,
.Xr inetd 8
.Rs
.%R RFC
.%N 1350
.%D July 1992
.%T "The TFTP Protocol (Revision 2)"
.Re
.Rs
.%R RFC
.%N 2347
.%D May 1998
.%T "TFTP Option Extension"
.Re
.Rs
.%R RFC
.%N 2348
.%D May 1998
.%T "TFTP Blocksize Option"
.Re
.Rs
.%R RFC
.%N 2349
.%D May 1998
.%T "TFTP Timeout Interval and Transfer Size Options"
.Re
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
.Pp
The
.Fl s
flag appeared in
.Nx 1.0 .
.Pp
The
.Fl g
and
.Fl u
flags appeared in
.Nx 1.4 .
.Pp
IPv6 support was implemented by WIDE/KAME project in 1999.
.Pp
TFTP options were implemented by Wasabi Systems, Inc., in 2003,
and first appeared in
NetBSD 2.0 .
.Sh BUGS
Files larger than 33488896 octets (65535 blocks) cannot be transferred
without client and server supporting blocksize negotiation (RFCs
2347 and 2348).
.Pp
Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
.Sh SECURITY CONSIDERATIONS
You are
.Em strongly
advised to set up
.Nm
using the
.Fl s
flag in conjunction with the name of the directory that
contains the files that
.Nm
will serve to remote hosts (e.g.,
.Pa /tftpboot ) .
This ensures that only the files that should be served
to remote hosts can be accessed by them.
.Pp
Because there is no user-login or validation within
the
.Tn TFTP
protocol, the remote site will probably have some
sort of file-access restrictions in place.
The exact methods are specific to each site and therefore
difficult to document here.
Commit	Line	Data
2b484d24 A	1	.\" $NetBSD: tftpd.8,v 1.21 2003/08/07 09:46:53 agc Exp $
2b484d24 A	2	.\"
b7080c8e A	3	.\" Copyright (c) 1983, 1991, 1993
	4	.\" The Regents of the University of California. All rights reserved.
	5	.\"
	6	.\" Redistribution and use in source and binary forms, with or without
	7	.\" modification, are permitted provided that the following conditions
	8	.\" are met:
	9	.\" 1. Redistributions of source code must retain the above copyright
	10	.\" notice, this list of conditions and the following disclaimer.
	11	.\" 2. Redistributions in binary form must reproduce the above copyright
	12	.\" notice, this list of conditions and the following disclaimer in the
	13	.\" documentation and/or other materials provided with the distribution.
2b484d24	14	.\" 3. Neither the name of the University nor the names of its contributors
b7080c8e A	15	.\" may be used to endorse or promote products derived from this software
	16	.\" without specific prior written permission.
	17	.\"
	18	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	19	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	20	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	21	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	22	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	23	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	24	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	26	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	27	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	28	.\" SUCH DAMAGE.
	29	.\"
2b484d24	30	.\" from: @(#)tftpd.8 8.1 (Berkeley) 6/4/93
b7080c8e	31	.\"
2b484d24	32	.Dd June 11, 2003
b7080c8e	33	.Dt TFTPD 8
8052502f	34	.Os
b7080c8e A	35	.Sh NAME
b7080c8e A	36	.Nm tftpd
2b484d24 A	37	.Nd
	38	.Tn DARPA
	39	Internet Trivial File Transfer Protocol server
b7080c8e	40	.Sh SYNOPSIS
2b484d24 A	41	.Nm
	42	.Op Fl d
	43	.Op Fl g Ar group
	44	.Op Fl i
	45	.Op Fl l
	46	.Op Fl n
8052502f A	47	.Op Fl s Ar directory
8052502f A	48	.Op Fl u Ar user
b7080c8e A	49	.Op Ar directory ...
b7080c8e A	50	.Sh DESCRIPTION
07f47057	51	.Nm
2b484d24 A	52	is a server which supports the
	53	.Tn DARPA
	54	Trivial File Transfer Protocol.
b7080c8e A	55	The
b7080c8e A	56	.Tn TFTP
2b484d24	57	server operates at the port indicated in the
b7080c8e	58	.Ql tftp
2b484d24	59	service description; see
b7080c8e A	60	.Xr services 5 .
	61	The server is normally started by
	62	.Xr inetd 8 .
	63	.Pp
	64	The use of
	65	.Xr tftp 1
	66	does not require an account or password on the remote system.
8052502f A	67	Due to the lack of authentication information,
8052502f A	68	.Nm
2b484d24 A	69	will allow only publicly readable files to be accessed.
	70	Filenames beginning in ``\\|\fB.\\|.\fP\\|/'' or
	71	containing ``/\\|\fB.\\|.\fP\\|/'' are not allowed.
	72	Files may be written to only if they already exist and are publicly writable.
	73	.Pp
b7080c8e	74	Note that this extends the concept of
2b484d24	75	.Qq public
b7080c8e A	76	to include
	77	all users on all hosts that can be reached through the network;
	78	this may not be appropriate on all systems, and its implications
	79	should be considered before enabling tftp service.
	80	The server should have the user ID with the lowest possible privilege.
	81	.Pp
	82	Access to files may be restricted by invoking
8052502f	83	.Nm
b7080c8e A	84	with a list of directories by including up to 20 pathnames
	85	as server program arguments in
	86	.Pa /etc/inetd.conf .
	87	In this case access is restricted to files whose
	88	names are prefixed by the one of the given directories.
8052502f	89	The given directories are also treated as a search path for
b7080c8e A	90	relative filename requests.
	91	.Pp
	92	The options are:
2b484d24 A	93	.Bl -tag -width "directory"
	94	.It Fl d
	95	Enable verbose debugging messages to
	96	.Xr syslogd 8 .
	97	.It Fl g Ar group
	98	Change gid to that of
	99	.Ar group
	100	on startup.
	101	If this isn't specified, the gid is set to that of the
	102	.Ar user
	103	specified with
	104	.Fl u .
	105	.It Fl i
	106	Enable insecure mode, no
	107	.Xr realpath 3 .
b7080c8e	108	.It Fl l
2b484d24 A	109	Logs all requests using
2b484d24 A	110	.Xr syslog 3 .
b7080c8e	111	.It Fl n
2b484d24	112	Suppresses negative acknowledgement of requests for nonexistent
b7080c8e	113	relative filenames.
8052502f	114	.It Fl s Ar directory
8052502f	115	.Nm
2b484d24 A	116	will
	117	.Xr chroot 2
	118	to
	119	.Ar directory
	120	on startup.
	121	This is recommended for security reasons (so that files other than
	122	those in the
	123	.Pa /tftpboot
	124	directory aren't accessible).
	125	If the remote host passes the directory name as part of the
	126	file name to transfer, you may have to create a symbolic link
	127	from
	128	.Sq tftpboot
	129	to
	130	.Sq \&.
	131	under
	132	.Pa /tftpboot .
8052502f	133	.It Fl u Ar user
2b484d24	134	Change uid to that of
8052502f	135	.Ar user
2b484d24 A	136	on startup.
	137	If
	138	.Fl u
	139	isn't given,
	140	.Ar user
	141	defaults to
	142	.Dq nobody .
	143	If
	144	.Fl g
	145	isn't also given, change the gid to that of
	146	.Ar user
	147	as well.
b7080c8e A	148	.El
	149	.Sh SEE ALSO
	150	.Xr tftp 1 ,
2b484d24	151	.Xr inetd 8
8052502f	152	.Rs
2b484d24 A	153	.%R RFC
2b484d24 A	154	.%N 1350
8052502f	155	.%D July 1992
2b484d24 A	156	.%T "The TFTP Protocol (Revision 2)"
	157	.Re
	158	.Rs
	159	.%R RFC
	160	.%N 2347
	161	.%D May 1998
	162	.%T "TFTP Option Extension"
	163	.Re
	164	.Rs
	165	.%R RFC
	166	.%N 2348
	167	.%D May 1998
	168	.%T "TFTP Blocksize Option"
	169	.Re
	170	.Rs
	171	.%R RFC
	172	.%N 2349
	173	.%D May 1998
	174	.%T "TFTP Timeout Interval and Transfer Size Options"
8052502f	175	.Re
b7080c8e A	176	.Sh HISTORY
	177	The
	178	.Nm
2b484d24 A	179	command appeared in
	180	.Bx 4.2 .
	181	.Pp
	182	The
8052502f	183	.Fl s
2b484d24 A	184	flag appeared in
	185	.Nx 1.0 .
	186	.Pp
	187	The
	188	.Fl g
	189	and
8052502f	190	.Fl u
2b484d24 A	191	flags appeared in
	192	.Nx 1.4 .
	193	.Pp
	194	IPv6 support was implemented by WIDE/KAME project in 1999.
	195	.Pp
	196	TFTP options were implemented by Wasabi Systems, Inc., in 2003,
	197	and first appeared in
	198	NetBSD 2.0 .
8052502f A	199	.Sh BUGS
8052502f A	200	Files larger than 33488896 octets (65535 blocks) cannot be transferred
2b484d24 A	201	without client and server supporting blocksize negotiation (RFCs
2b484d24 A	202	2347 and 2348).
8052502f A	203	.Pp
8052502f A	204	Many tftp clients will not transfer files over 16744448 octets (32767 blocks).
2b484d24 A	205	.Sh SECURITY CONSIDERATIONS
	206	You are
	207	.Em strongly
	208	advised to set up
	209	.Nm
	210	using the
	211	.Fl s
	212	flag in conjunction with the name of the directory that
	213	contains the files that
	214	.Nm
	215	will serve to remote hosts (e.g.,
	216	.Pa /tftpboot ) .
	217	This ensures that only the files that should be served
	218	to remote hosts can be accessed by them.
	219	.Pp
	220	Because there is no user-login or validation within
	221	the
	222	.Tn TFTP
	223	protocol, the remote site will probably have some
	224	sort of file-access restrictions in place.
	225	The exact methods are specific to each site and therefore
	226	difficult to document here.