Section: UNIX System Manager's Manual (8)
Updated: 16 November 2001
- IPv4 Trivial File Transfer Protocol server
is a server for the IPv4 Trivial File Transfer Protocol. The TFTP
protocol is extensively used to support remote booting of diskless
devices. The server is normally started by
but can also run standalone.
Run the server in standalone (listen) mode, rather than run from
In listen mode, the
option is ignored, and the
option can be used to specify a specific local address or port to
- -a [address][:port]
Specify a specific
to listen to when called with the
option. The default is to listen to the
port specified in
on all local addresses.
Allow new files to be created. By default,
will only allow upload of files that already exist. Files are created
with default permissions allowing anyone to read or write them, unless
options are specified.
Change root directory on startup. This means the remote host does not
need to pass along the directory as part of the transfer, and may add
is specified, exactly one
should be specified on the command line. The use of this option is
recommended for security as well as compatibility with some boot ROMs
which cannot be easily made to include a directory name in its request.
- -u username
Specify the username which
will run as; the default is "nobody". The user ID, group ID, and (if
possible on the platform) the supplementary group IDs will be set to
the ones specified in the system permission database for this
- -U umask
Sets the umask for newly created files to the specified value.
The default is zero (anyone can read or write) if the
option is not specified, or inherited from the invoking process if
Perform no additional permissions checks above the normal
system-provided access controls for the user specified via the
- -t timeout
When run from
this specifies how long, in seconds, to wait for a second connection
before terminating the server.
will then respawn the server when another request comes in. The
default is 900 (15 minutes).
- -m remap-file
Specify the use of filename remapping. The remap-file
is a file containing the remapping rules. See the section on filename
remapping below. This option may not be compiled in, see the output of
to verify whether or not it is available.
Increase the logging verbosity of
This flag can be specified multiple times for even higher verbosity.
- -r tftp-option
Indicate that a specific RFC 2347 TFTP option should never be
Print the version number and configuration to standard output, then
RFC 2347 OPTION NEGOTIATION
This version of
supports RFC 2347 option negotiation. Currently implemented options
(RFC 2349), and
(RFC 2349). The nonstandard
TFTP option is functionally identical to the
option, with the additional constraint that the
blocksize is constrained to be a power of 2.
The -r option can be used to disable specific options; this may be necessary
to work around bugs in specific TFTP client implementations.
The -m option specifies a file which contains filename remapping rules. Each
non-comment line (comments begin with hash marks,
specified below; a
a regular expression in the style of
and optionally a
The operation indicated by
is performed if the
matches all or part of the filename. Rules are processed from the top
down, and by default, all rules are processed even if there is a
can be any combination of the following letters:
Replace the substring matched by
The replacement pattern may contain escape sequences; see below.
Repeat this rule until it no longer matches. This is always used with
case-insensitively. By default it is case sensitive.
If this rule matches, end rule processing after executing the rule.
If this rule matches, start rule processing over from the very first
rule after executing this rule.
If this rule matches, refuse the request and send an access denied
error to the client.
This rule applies to GET (RRQ) requests only.
This rule applies to PUT (WRQ) requests only.
The following escape sequences are recognized as part of the
The entire string matched by the
- \1 to \9
The strings matched by each of the first nine parenthesized
subexpressions, \( ... \), of the
The IP address of the requesting host, in dotted-quad notation
The IP address of the requesting host, in hexadecimal notation
Literal hash mark.
If the mapping file is changed, you need to send
to any outstanding
The use of TFTP services does not require an account or password on
the server system. Due to the lack of authentication information,
will allow only publicly readable files (o+r) to be accessed, unless the
option is specified. Files may be written only if they already exist
and are publicly writable, unless the
option is specified. Note that this extends the concept of ``public''
to include all users on all hosts that can be reached through the
network; this may not be appropriate on all systems, and its
implications should be considered before enabling TFTP service.
Typically, some kind of firewall or packet-filter solution should be
employed. If appropriately compiled (see the output of
will query the
database for access control information. This may be slow; sites
requiring maximum performance may want to compile without this option
and rely on firewalling or kernel-based packet filters instead.
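
The default permission policy described above can be checked against a served directory before the service is exposed. The following is an added example, not part of the original manual page or the server's own code; the function names and the sample tree are hypothetical, and it assumes the policy is exactly the o+r / o+w mode-bit test stated above, with no extra options relaxing it.

```shell
#!/bin/sh
# Added example: audit a TFTP-served directory against the default policy
# described above (reads need o+r; writes need an existing file with o+w).

# Regular files any reachable host could fetch (other-read bit set).
tftp_readable() {
    find "$1" -type f -perm -004 -print | sort
}

# Existing regular files any reachable host could overwrite (other-write bit).
tftp_overwritable() {
    find "$1" -type f -perm -002 -print | sort
}

# Print one line per finding; exit status 1 if anything is overwritable.
tftp_audit() {
    readable=$(tftp_readable "$1")
    writable=$(tftp_overwritable "$1")
    [ -n "$readable" ] && printf '%s\n' "$readable" | sed 's/^/READ  /'
    [ -n "$writable" ] && printf '%s\n' "$writable" | sed 's/^/WRITE /'
    [ -z "$writable" ]
}

# Constructed sample tree (not from the page) for trying the audit offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    echo kernel > "$d/boot.img";    chmod 644 "$d/boot.img"     # fetchable
    echo secret > "$d/private.cfg"; chmod 600 "$d/private.cfg"  # not served
    echo data   > "$d/upload.log";  chmod 666 "$d/upload.log"   # overwritable
    printf '%s\n' "$d"
}
```

Run `tftp_audit` on each directory given to the server on its command line; a non-zero status means at least one existing file can be overwritten by any host that can reach the service.
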
The server should be set to run as the user with the lowest possible
privilege; please see the -u
flag. It is probably a good idea to set up a specific user account for
rather than letting it run as "nobody", to guard against privilege
leaks between applications.
Access to files can, and should, be restricted by invoking
with a list of directories by including pathnames as server program
arguments on the command line. In this case access is restricted to
files whose names are prefixed by one of the given directories. If
possible, it is recommended that the
flag is used to set up a chroot() environment for the server to run in
once a connection has been set up.
Finally, the filename remapping (-m
flag) support can be used to provide a limited amount of additional
Requirements for Internet Hosts - Application and Support.
The TFTP Protocol (revision 2).
TFTP Option Extension.
TFTP Blocksize Option.
TFTP Timeout Interval and Transfer Size Options.
This version of
is maintained by H. Peter Anvin <email@example.com>. It was derived from,
but has substantially diverged from, an OpenBSD source base, with
added patches by Markus Gutschke and Gero Kuhlmann.