HP-UX Reference (11i v1 05/09) - 1M System Administration Commands N-Z (vol 4)
t
tftpd(1M) tftpd(1M)
NAME
tftpd - trivial file transfer protocol server
SYNOPSIS
/usr/lbin/tftpd
[-R retran-seconds][
-s][-T total-seconds][path ...]
DESCRIPTION
tftpd is a server that supports the Internet Trivial File Transfer Protocol (RFC783). The TFTP server
operates at the port indicated in the tftp
service description (see services(4)). The server is normally
started by
inetd using the /etc/inetd.conf
file (see inetd(1M) and inetd.conf(4)).
Options
tftpd supports the following options:
-R This option specifies the per-packet retransmission timeout, in seconds. The default value
is 5 seconds.
-s This option enables tftpd to work in the Service Guard environment. This option is
required for some tftp clients. These clients reject the tftp reply received from a
different IP address than the one requested when the server’s interface is configured with
an alias IP address.
-T This option specifies the total retransmission timeout, in seconds. The default value is 25
seconds.
The path parameter has the following effects:
• tftpd operates in either of two modes or their combination. The first mode requires a defined
home directory for the pseudo-user tftp, and looks for files relative to that path. The second mode
requires one or more paths be specified on the command line, and allows access only to files whose
paths match or begin with one of the command line specifications. The first mode is backward-
compatible with previous releases of HP-UX and supports somewhat tighter security. The second
mode is compatible with other vendors’ implementations of
tftpd and allows greater flexibility in
accessing files.
• If no path is specified on the command line,
tftpd requires an entry in the
/etc/passwd data-
base (see passwd(4)) for an account (pseudo-user) named
tftp. The password field should be *, the
group membership should be
guest, and the login shell should be /usr/bin/false
. For exam-
ple (assuming the guest group ID is 101):
tftp:*:510:101:tftp server:/home/tftpdir:/usr/bin/false
tftpd
uses a call to chroot() to change its root directory to be the same as the home directory of
the pseudo-user tftp. This restricts access by tftp clients to only those files found below the
tftp home directory (see chroot(2)). Furthermore,
tftp clients can only read files in that directory
if they are readable by the pseudo-user
tftp, and tftp clients can only write files in that directory
if they exist and are writable by the pseudo-user tftp.
• If any path is specified on the command line, tftpd does not require that a pseudo-user named
tftp exist in /etc/passwd . The specified paths control access to files by
tftp clients. Each
path is treated as being relative to
/ (not the tftp home directory), and can be either a directory or
a file. tftpd disallows a client access to any file that does not match entirely or in its initial com-
ponents one of the restriction paths. It also disallows access to any file path containing ‘‘..’’. How-
ever, an accessed file can be a symbolic link that points outside the set of restricted paths.
• If any path is specified on the command line and the tftp home directory is defined and is not /,
tftpd first looks for a file relative to (under) the home directory. If the file is not found there, then
tftpd looks for the file relative to / with path restrictions applied. Thus if two files with the same
name can be found in both locations, tftpd accesses the one under tftp’s home directory.
Note that inetd allows continuation of command lines in inetd.conf by ending continued lines with a
backlash.
Defining the tftp pseudo-user is strongly recommended even when paths are specified, because client
access is further restricted to files that can be read and/or written by this pseudo-user. It is safe to set the
tftp pseudo-user’s home directory to / in this case.
HP-UX 11i Version 1: September 2005 − 1 − Hewlett-Packard Company Section 1M−−1019