tftpd is a server which supports the DARPA Trivial File Transfer Protocol. The TFTP server operates at the port indicated in the ‘tftp’ service description; see services(5). The server is normally started by inetd(8).
The use of tftp(1) does not require an account or password on the remote system. Due to the lack of authentication information, tftpd will allow only publicly readable files to be accessed. Filenames beginning in “../” or containing “/../” are not allowed. Unless -c is used, files may be written to only if they already exist and are publicly writable.
Note that this extends the concept of “public” to include all users on all hosts that can be reached through the network; this may not be appropriate on all systems, and its implications should be considered before enabling tftp service. The server should have the user ID with the lowest possible privilege.
Access to files may be restricted by invoking tftpd with a list of directories by including up to 20 pathnames as server program arguments in /etc/inetd.conf. In this case access is restricted to files whose names are prefixed by one of the given directories. The given directories are also treated as a search path for relative filename requests.
The options are:
-c
Allow unrestricted creation of new files. Without this flag, only existing publicly writable files can be overwritten.
-g group
Change gid to that of group on startup. If this isn't specified, the gid is set to that of the user specified with -u.
-n
Suppresses negative acknowledgement of requests for nonexistent relative filenames.
-p pathsep
All occurrences of the single character pathsep (path separator) in the requested filename are replaced with ‘/’.
-s directory
tftpd will chroot(2) to directory on startup. This is recommended for security reasons (so that files other than those in the /tftpboot directory aren't accessible). If the remote host passes the directory name as part of the file name to transfer, you may have to create a symbolic link from ‘tftpboot’ to ‘.’ under /tftpboot.
-u user
Change uid to that of user on startup. If -u isn't given, user defaults to “nobody”. If -g isn't also given, change the gid to that of user as well.
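The filename rules described above (the “../” and “/../” restriction, the directory-list prefix restriction, and -p translation) can be modelled as a single check. The following is an added example, not code from tftpd; the names check_name and enum verdict are hypothetical, and the sample request and directory list are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example modelling the filename rules in the text; not tftpd source. */
enum verdict { NAME_OK, NAME_DOTDOT, NAME_OUTSIDE_DIRS };

/* name is modified in place when pathsep is set ('\0' means -p not given).
 * dirs[] entries are assumed absolute, without a trailing '/'. */
enum verdict check_name(char *name, char pathsep,
                        const char *const dirs[], size_t ndirs)
{
    char *p;
    size_t i;

    /* -p: translate the separator first, so the checks see the final path. */
    if (pathsep != '\0')
        for (p = name; *p != '\0'; p++)
            if (*p == pathsep)
                *p = '/';

    /* No leading "../" and no "/../" anywhere in the name. */
    if (strncmp(name, "../", 3) == 0 || strstr(name, "/../") != NULL)
        return NAME_DOTDOT;

    /* Relative names go to the search path; no list means no prefix rule. */
    if (name[0] != '/' || ndirs == 0)
        return NAME_OK;

    /* Absolute names must be prefixed by a listed directory. Requiring '/'
     * right after the prefix is this example's choice: it keeps
     * "/tftpboot2/x" from matching "/tftpboot". */
    for (i = 0; i < ndirs; i++) {
        size_t len = strlen(dirs[i]);
        if (strncmp(name, dirs[i], len) == 0 && name[len] == '/')
            return NAME_OK;
    }
    return NAME_OUTSIDE_DIRS;
}

int main(void)
{
    const char *const dirs[] = { "/tftpboot" };   /* constructed input */
    char req[] = "..\\etc\\passwd";               /* constructed request */

    printf("verdict=%d\n", check_name(req, '\\', dirs, 1));
    return 0;
}
```

A name that passes these checks is still subject to the publicly readable / publicly writable file permission rules, which this example does not model.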