diff options
Diffstat (limited to 'remote_cmds/tftpd.tproj/tftpd.8')
-rw-r--r-- | remote_cmds/tftpd.tproj/tftpd.8 | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/remote_cmds/tftpd.tproj/tftpd.8 b/remote_cmds/tftpd.tproj/tftpd.8 new file mode 100644 index 0000000..14df0f1 --- /dev/null +++ b/remote_cmds/tftpd.tproj/tftpd.8 @@ -0,0 +1,233 @@ +.\" $NetBSD: tftpd.8,v 1.21 2003/08/07 09:46:53 agc Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" from: @(#)tftpd.8 8.1 (Berkeley) 6/4/93 +.\" +.Dd June 11, 2003 +.Dt TFTPD 8 +.Os +.Sh NAME +.Nm tftpd +.Nd +.Tn DARPA +Internet Trivial File Transfer Protocol server +.Sh SYNOPSIS +.Nm +.Op Fl d +.Op Fl g Ar group +.Op Fl i +.Op Fl l +.Op Fl n +.Op Fl s Ar directory +.Op Fl u Ar user +.Op Ar directory ... +.Sh DESCRIPTION +.Nm +is a server which supports the +.Tn DARPA +Trivial File Transfer Protocol. +The +.Tn TFTP +server operates at the port indicated in the +.Ql tftp +service description; see +.Xr services 5 . +This server should not be started manually; instead, it should be run using +.Xr launchd 8 +using the plist +.Pa /System/Library/LaunchDaemons/tftp.plist . +It may be started using the +.Xr launchctl 1 +load command; refer to the documentation for that utility for more information. +.Pp +The use of +.Xr tftp 1 +does not require an account or password on the remote system. +Due to the lack of authentication information, +.Nm +will allow only publicly readable files to be accessed. +Filenames beginning in ``\|\fB.\|.\fP\|/'' or +containing ``/\|\fB.\|.\fP\|/'' are not allowed. +Files may be written to only if they already exist and are publicly writable. +.Pp +Note that this extends the concept of +.Qq public +to include +all users on all hosts that can be reached through the network; +this may not be appropriate on all systems, and its implications +should be considered before enabling tftp service. +The server should have the user ID with the lowest possible privilege. +.Pp +Access to files may be restricted by invoking +.Nm +with a list of directories by including up to 20 pathnames +as server program arguments in +.Pa /System/Library/LaunchDaemons/tftp.plist . +In this case access is restricted to files whose +names are prefixed by the one of the given directories. +The given directories are also treated as a search path for +relative filename requests. +.Pp +The options are: +.Bl -tag -width "directory" +.It Fl d +Enable verbose debugging messages to +.Xr syslogd 8 . +.It Fl g Ar group +Change gid to that of +.Ar group +on startup. +If this isn't specified, the gid is set to that of the +.Ar user +specified with +.Fl u . +.It Fl i +Enable insecure mode, no +.Xr realpath 3 . +.It Fl l +Logs all requests using +.Xr syslog 3 . +.It Fl n +Suppresses negative acknowledgement of requests for nonexistent +relative filenames. +.It Fl s Ar directory +.Nm +will +.Xr chroot 2 +to +.Ar directory +on startup. +This is recommended for security reasons (so that files other than +those in the +.Pa /tftpboot +directory aren't accessible). +If the remote host passes the directory name as part of the +file name to transfer, you may have to create a symbolic link +from +.Sq tftpboot +to +.Sq \&. +under +.Pa /tftpboot . +.It Fl u Ar user +Change uid to that of +.Ar user +on startup. +If +.Fl u +isn't given, +.Ar user +defaults to +.Dq nobody . +If +.Fl g +isn't also given, change the gid to that of +.Ar user +as well. +.El +.Sh SEE ALSO +.Xr tftp 1 , +.Xr launchd 8 , +.Xr launchctl 1 , +.Xr launchd.plist 5 +.Rs +.%R RFC +.%N 1350 +.%D July 1992 +.%T "The TFTP Protocol (Revision 2)" +.Re +.Rs +.%R RFC +.%N 2347 +.%D May 1998 +.%T "TFTP Option Extension" +.Re +.Rs +.%R RFC +.%N 2348 +.%D May 1998 +.%T "TFTP Blocksize Option" +.Re +.Rs +.%R RFC +.%N 2349 +.%D May 1998 +.%T "TFTP Timeout Interval and Transfer Size Options" +.Re +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Pp +The +.Fl s +flag appeared in +.Nx 1.0 . +.Pp +The +.Fl g +and +.Fl u +flags appeared in +.Nx 1.4 . +.Pp +IPv6 support was implemented by WIDE/KAME project in 1999. +.Pp +TFTP options were implemented by Wasabi Systems, Inc., in 2003, +and first appeared in +NetBSD 2.0 . +.Sh BUGS +Files larger than 33488896 octets (65535 blocks) cannot be transferred +without client and server supporting blocksize negotiation (RFCs +2347 and 2348). +.Pp +Many tftp clients will not transfer files over 16744448 octets (32767 blocks). +.Sh SECURITY CONSIDERATIONS +You are +.Em strongly +advised to set up +.Nm +using the +.Fl s +flag in conjunction with the name of the directory that +contains the files that +.Nm +will serve to remote hosts (e.g., +.Pa /tftpboot ) . +This ensures that only the files that should be served +to remote hosts can be accessed by them. +.Pp +Because there is no user-login or validation within +the +.Tn TFTP +protocol, the remote site will probably have some +sort of file-access restrictions in place. +The exact methods are specific to each site and therefore +difficult to document here. |