TFTPD(8)	   UNIX System Manager's Manual		 TFTPD(8)


NAME
       tftpd - IPv4 Trivial File Transfer Protocol server

SYNOPSIS
       in.tftpd [options...]  directory...

DESCRIPTION
       tftpd  is a server for the IPv4 Trivial File Transfer Pro-
       tocol.  The TFTP protocol is extensively used  to  support
       remote  booting	of  diskless devices.  The server is nor-
       mally started by inetd, but can also run standalone.


OPTIONS
       -l     Run the server in standalone (listen) mode,  rather
	      than run from inetd.  In listen mode, the -t option
	      is ignored, and the -a option can be used to  spec-
	      ify  a specific local address or port to listen to.

       -a [address][:port]
	      Specify a specific address and port  to  listen  to
	      when  called with the -l option.	The default is to
	      listen to the tftp port specified in  /etc/services
	      on all local addresses.

       -c     Allow  new  files to be created.	By default, tftpd
	      will only allow upload of files that already exist.
	      Files are created with default permissions allowing
	      anyone to read or write them.

       -s     Change root directory on startup.	 This  means  the
	      remote  host does not need to pass along the direc-
	      tory as part of the transfer, and may add security.
	      When  -s is specified, exactly one directory should
	      be specified on the command line.	 The use of  this
	      option is recommended for security as well as
	      compatibility with some boot ROMs which cannot
	      easily be made to include a directory name in
	      their requests.

       -u username
	      Specify the username which tftpd will run	 as;  the
	      default is "nobody".

       -t timeout
	      When  run	 from  inetd  this specifies how long, in
	      seconds, to wait for  a  second  connection  before
	      terminating  the	server.	  inetd will then respawn
	      the server when  another	request	 comes	in.   The
	      default is 900 (15 minutes).

       -m remap-file
	      Specify  the use of filename remapping.  The remap-
	      file is a file containing the remapping rules.  See
	      the  section  on	filename  remapping  below.  This
	      option may not be compiled in, see  the  output  of
	      in.tftpd	-V  to verify whether or not it is avail-
	      able.

       -v     Increase the logging verbosity of tftpd.	This flag
	      can  be  specified  multiple  times for even higher
	      verbosity.

       -r tftp-option
	      Indicate that  a	specific  RFC  2347  TFTP  option
	      should never be accepted.

       -V     Print the version number and configuration to stan-
	      dard output, then exit gracefully.

RFC 2347 OPTION NEGOTIATION
       This version of tftpd supports RFC 2347 option negotiation.
       Currently implemented options are blksize (RFC 2348),
       blksize2 (nonstandard), tsize (RFC 2349), and timeout (RFC
       2349).  The nonstandard blksize2 TFTP option is functionally
       identical to the blksize option, with the additional
       constraint that the block size must be a power of 2.

       The -r option can be used  to  disable  specific	 options;
       this may be necessary to work around bugs in specific TFTP
       client implementations.

FILENAME REMAPPING
       The -m option specifies a  file	which  contains	 filename
       remapping  rules.   Each	 non-comment line (comments begin
       with hash  marks,  #)  contains	an  operation,	specified
       below;  a  regex,  a  regular  expression  in the style of
       egrep; and optionally a replacement pattern.   The  opera-
       tion  indicated	by  operation  is  performed if the regex
       matches all or part of the filename.  Rules are	processed
       from the top down, and by default, all rules are processed
       even if there is a match.

       The operation can be any combination of the following let-
       ters:

       r      Replace  the  substring  matched	by  regex  by the
	      replacement pattern.  The escape sequence \0 can be
	      used to copy the entire matched string, and the
	      sequences \1 to \9 copy parenthesized
	      subexpressions.  To specify a backslash, white space
	      or hash mark, you need to \-escape it.

       g      Repeat this rule until it no longer matches.   This
	      is always used with r.

       i      Match  the regex case-insensitively.  By default it
	      is case sensitive.

       e      If this rule matches,  end  rule	processing  after
	      executing the rule.

       s      If  this	rule  matches, start rule processing over
	      from the very first rule after executing this rule.

       a      If  this	rule matches, refuse the request and send
	      an access denied error to the client.

       G      This rule applies to GET (RRQ) requests only.

       P      This rule applies to PUT (WRQ) requests only.

       If the mapping file is changed, you need to send SIGHUP to
       any outstanding tftpd process.
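
       The rule semantics described above can be exercised before a
       map file is deployed. The following Python model is an added
       example, not code from tftp-hpa: the names parse, expand, remap
       and Denied, the sample rules and the step cap are constructed
       for illustration, and Python's re module stands in for
       egrep-style regular expressions.

```python
import re
# Constructed sample rules (not from the man page): operation, regex, replacement.
# Assumes no \-escaped whitespace or '#' inside a field.
RULES = r"""
# fold backslash separators first so later rules see one form
rg   \\                    /
# refuse any name with a ".." path component
a    (^|/)\.\.(/|$)
# map a legacy directory in any case, then refuse uploads over boot images
ri   ^/?oldboot/           boot/
aP   ^/?(boot|pxelinux)/
"""

class Denied(Exception): pass  # stands in for the access denied error

def parse(text):
    rules = []
    for line in text.splitlines():
        ops, regex, repl = (line.split(None, 2) + ["", "", ""])[:3]
        if ops and not ops.startswith("#"):
            rules.append((ops, re.compile(regex, re.I if "i" in ops else 0), repl))
    return rules

def expand(repl, m):
    # \0 is the whole match, \1..\9 a subexpression, \x a literal x
    def one(e):
        c = e.group(1)
        return (m.group(int(c)) or "") if c in "0123456789" else c
    return re.sub(r"\\(.)", one, repl)

def remap(rules, name, request, max_steps=1000):
    i = 0
    for _ in range(max_steps):  # step cap is this example's own guard
        if i >= len(rules):
            return name
        ops, rx, repl = rules[i]
        m = rx.search(name)
        if not m or (set("GP") & set(ops) and request[0] not in ops):
            i += 1
            continue
        if "r" in ops:
            name = name[:m.start()] + expand(repl, m) + name[m.end():]
            if "g" in ops and rx.search(name):
                continue  # g: repeat this rule until it stops matching
        if "a" in ops:
            raise Denied(name)
        # e: stop after this rule; s: restart from the first rule
        i = len(rules) if "e" in ops else 0 if "s" in ops else i + 1
    raise RuntimeError("remap rules did not terminate")
```

       Because rules run from the top down, the deny rules only see
       what earlier rules have produced: the upload restriction is
       placed after the legacy-name mapping so that a PUT for
       OLDBOOT/vmlinuz is refused as well.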

SECURITY
       The  use	 of  TFTP services does not require an account or
       password on the server system.  Due to the lack of authen-
       tication information, tftpd will allow only publicly read-
       able files (o+r) to be accessed.	  Files	 may  be  written
       only  if	 they  already	exist  and are publicly writable,
       unless the -c option is specified.  Note that this extends
       the concept of "public" to include all users on all
       hosts that can be reached through the  network;	this  may
       not  be	appropriate  on all systems, and its implications
       should be considered before enabling TFTP service.   Typi-
       cally,  some  kind  of  firewall or packet-filter solution
       should be employed.  If appropriately  compiled	(see  the
       output	 of   in.tftpd	 -V)   tftpd   will   query   the
       hosts_access(5) database for access  control  information.
       This  may be slow; sites requiring maximum performance may
       want to compile without this  option  and  rely	on  fire-
       walling or kernel-based packet filters instead.

       The server should be set to have the user ID with the low-
       est possible privilege; please see the -u flag.

       Access to files can, and should, be restricted by invoking
       tftpd with a list of directories by including pathnames as
       server program arguments on the	command	 line.	 In  this
       case access is restricted to files whose names are
       prefixed by one of the given directories.  If possible, it is
       recommended  that the -s flag is used to set up a chroot()
       environment for the server to run in once a connection has
       been set up.

       Finally,	 the  filename remapping (-m flag) support can be
       used to provide a limited amount of additional access con-
       trol.

CONFORMING TO
       RFC  1123,  Requirements	 for Internet Hosts - Application
       and Support.
       RFC 1350, The TFTP Protocol (revision 2).
       RFC 2347, TFTP Option Extension.
       RFC 2348, TFTP Blocksize Option.
       RFC 2349, TFTP Timeout Interval and Transfer Size Options.

AUTHOR
       This  version  of  tftpd	 is  maintained by H. Peter Anvin
       <hpa@zytor.com>.	 It was derived from,  but  has	 substan-
       tially  diverged	 from, an OpenBSD source base, with added
       patches by Markus Gutschke and Gero Kuhlmann.

SEE ALSO
       tftp(1), egrep(1), hosts_access(5), regex(7), inetd(8).

tftp-hpa		 13 November 2001			4
