HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)
t
tftpd(1M) tftpd(1M)
NAME
tftpd - trivial file transfer protocol server
SYNOPSIS
/usr/lbin/tftpd
[-l ][-R retran-seconds][
-r blksize|timeout|tsize
][-s]
[
-T total-seconds][path ...]
DESCRIPTION
tftpd is a server that supports the Internet Trivial File Transfer Protocol (RFC783). The TFTP server
operates at the port indicated in the tftp
service description (see services(4)). The server is normally
started by
inetd using the /etc/inetd.conf
file (see inetd(1M) and inetd.conf (4)).
Options
tftpd supports the following options:
-l This option writes the debugging information into the syslog file.
-R This option specifies the per-packet retransmission timeout, in seconds. The default
value is 5 seconds.
-r blksize|timeout|tsize
This option disables the client side options: blksize (blocksize),
timeout (retransmission timeout), and
tsize (transfer file size) individually. By
default, these options are enabled. For example, to disable timeout negotiation between a
client and the server, start the server with the following command:
tftpd -r timeout
-s This option enables tftpd to work in the Service Guard environment. This option is
required for some tftp clients. These clients reject the tftp reply received from a
different IP address than the one requested when the server’s interface is configured with
an alias IP address.
-T This option specifies the total retransmission timeout, in seconds. The default value is 25
seconds.
The path parameter has the following effects:
•
tftpd operates in either of two modes or their combination. The first mode requires a defined
home directory for the pseudo-user tftp, and looks for files relative to that path. The second
mode requires one or more paths be specified on the command line, and allows access only to files
whose paths match or begin with one of the command line specifications. The first mode is
backward-compatible with previous releases of HP-UX and supports somewhat tighter security.
The second mode is compatible with other vendors’ implementations of
tftpd and allows greater
flexibility in accessing files.
• If no path is specified on the command line,
tftpd requires an entry in the
/etc/passwd data-
base (see passwd(4)) for an account (pseudo-user) named
tftp. The password field should be *,
the group membership should be
guest, and the login shell should be /usr/bin/false.For
example (assuming the guest group ID is 101):
tftp:*:510:101:tftp server:/home/tftpdir:/usr/bin/false
tftpd uses a call to chroot() to change its root directory to be the same as the home directory
of the pseudo-user tftp. This restricts access by tftp clients to only those files found below the
tftp home directory (see chroot(2)). Furthermore, tftp clients can only read files in that direc-
tory if they are readable by the pseudo-user tftp, and tftp clients can only write files in that
directory if they exist and are writable by the pseudo-user tftp.
• If any path is specified on the command line,
tftpd does not require that a pseudo-user named
tftp exist in /etc/passwd. The specified path s control access to files by tftp clients. Each
path is treated as being relative to / (not the tftp home directory), and can be either a directory
or a file. tftpd disallows a client access to any file that does not match entirely or in its initial
components one of the restriction paths. It also disallows access to any file path containing ‘‘..’’.
However, an accessed file can be a symbolic link that points outside the set of restricted paths.
• If any path is specified on the command line and the
tftp home directory is defined and is not /,
tftpd first looks for a file relative to (under) the home directory. If the file is not found there,
then tftpd looks for the file relative to / with path restrictions applied. Thus if two files with the
HP-UX 11i Version 2: August 2003 − 1 − Hewlett-Packard Company Section 1M−−809