mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-22 08:53:41 +01:00
136 lines
4.2 KiB
Groff
136 lines
4.2 KiB
Groff
.\" Copyright (c) 1983, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93
|
|
.\"
|
|
.Dd June 4, 1993
|
|
.Dt TFTPD 8
|
|
.Os BSD 4.2
|
|
.Sh NAME
|
|
.Nm tftpd
|
|
.Nd
|
|
Internet Trivial File Transfer Protocol server
|
|
.Sh SYNOPSIS
|
|
.Nm /usr/libexec/tftpd
|
|
.Op Fl l
|
|
.Op Fl n
|
|
.Op Fl s Ar directory
|
|
.Op Ar directory ...
|
|
.Sh DESCRIPTION
|
|
.Nm Tftpd
|
|
is a server which supports the
|
|
Internet Trivial File Transfer
|
|
Protocol (\c
|
|
.Tn RFC 783).
|
|
The
|
|
.Tn TFTP
|
|
server operates
|
|
at the port indicated in the
|
|
.Ql tftp
|
|
service description;
|
|
see
|
|
.Xr services 5 .
|
|
The server is normally started by
|
|
.Xr inetd 8 .
|
|
.Pp
|
|
The use of
|
|
.Xr tftp 1
|
|
does not require an account or password on the remote system.
|
|
Due to the lack of authentication information,
|
|
.Nm
|
|
will allow only publicly readable files to be
|
|
accessed.
|
|
Files containing the string ``/\|\fB.\|.\fP\|/'' or starting with
|
|
``\|\fB.\|.\fP\|/'' are not allowed.
|
|
Files may be written only if they already exist and are publicly writable.
|
|
Note that this extends the concept of
|
|
.Dq public
|
|
to include
|
|
all users on all hosts that can be reached through the network;
|
|
this may not be appropriate on all systems, and its implications
|
|
should be considered before enabling tftp service.
|
|
The server should have the user ID with the lowest possible privilege.
|
|
.Pp
|
|
Access to files may be restricted by invoking
|
|
.Nm
|
|
with a list of directories by including up to 20 pathnames
|
|
as server program arguments in
|
|
.Pa /etc/inetd.conf .
|
|
In this case access is restricted to files whose
|
|
names are prefixed by the one of the given directories.
|
|
The given directories are also treated as a search path for
|
|
relative filename requests.
|
|
.Pp
|
|
The chroot option provides additional security by restricting access
|
|
of
|
|
.Nm
|
|
to only a chroot'd file system. This is useful when moving
|
|
from an OS that supported
|
|
.Fl s
|
|
as a boot server. Because chroot is restricted to root, you must run
|
|
.Nm
|
|
as root. However, if you chroot, then
|
|
.Nm
|
|
will set its user id to nobody.
|
|
.Pp
|
|
The options are:
|
|
.Bl -tag -width Ds
|
|
.It Fl l
|
|
Log all requests using
|
|
.Xr syslog 3 .
|
|
.It Fl n
|
|
Suppress negative acknowledgement of requests for nonexistent
|
|
relative filenames.
|
|
.It Fl s Ar directory
|
|
Cause
|
|
.Nm
|
|
to chroot to
|
|
.Pa directory
|
|
before accepting commands. In addition, the user id is set to
|
|
nobody.
|
|
.Pp
|
|
If you are not running
|
|
.Fl s ,
|
|
no user id change will be
|
|
attempted. You should not run
|
|
.Nm
|
|
as root unless you are using
|
|
.Fl s .
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr tftp 1 ,
|
|
.Xr inetd 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command appeared in
|
|
.Bx 4.2 .
|