1 .\" -*- nroff -*- --------------------------------------------------------- *
3 .\" Copyright (c) 1990, 1993, 1994
4 .\" The Regents of the University of California. All rights reserved.
6 .\" Copyright 2001-2009 H. Peter Anvin - All Rights Reserved
8 .\" Redistribution and use in source and binary forms, with or without
9 .\" modification, are permitted provided that the following conditions
11 .\" 1. Redistributions of source code must retain the above copyright
12 .\" notice, this list of conditions and the following disclaimer.
13 .\" 2. Redistributions in binary form must reproduce the above copyright
14 .\" notice, this list of conditions and the following disclaimer in the
15 .\" documentation and/or other materials provided with the distribution.
16 .\" 3. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\"----------------------------------------------------------------------- */
33 .TH TFTPD 8 "14 September 2009" "tftp-hpa @@VERSION@@" "System Manager's Manual"
36 \- Trivial File Transfer Protocol server
43 is a server for the Trivial File Transfer Protocol. The TFTP
44 protocol is extensively used to support remote booting of diskless
45 devices. The server is normally started by
47 but can also run standalone.
51 \fB\-\-ipv4\fP, \fB\-4\fP
52 Connect with IPv4 only, even if IPv6 support was compiled in.
54 \fB\-\-ipv6\fP, \fB\-6\fP
55 Connect with IPv6 only, if compiled in.
57 \fB\-l\fP, \fB\-\-listen\fP
58 Run the server in standalone (listen) mode, rather than run from
62 option is ignored, and the
64 option can be used to specify a specific local address or port to
67 \fB\-\-foreground\fP, \fB\-L\fP
70 but do not detach from the foreground process. Implies
73 \fB\-\-address\fP \fI[address][:port]\fP, \fB\-a\fP \fI[address][:port]\fP
78 to listen to when called with the
82 option. The default is to listen to the
86 on all local addresses.
89 Numeric IPv6 adresses must be enclosed in square brackets
90 to avoid ambiguity with the optional port information.
92 \fB\-\-create\fP, \fB\-c\fP
93 Allow new files to be created. By default,
95 will only allow upload of files that already exist. Files are created
96 with default permissions allowing anyone to read or write them, unless
101 options are specified.
103 \fB\-\-secure\fP, \fB\-s\fP
104 Change root directory on startup. This means the remote host does not
105 need to pass along the directory as part of the transfer, and may add
108 is specified, exactly one
110 should be specified on the command line. The use of this option is
111 recommended for security as well as compatibility with some boot ROMs
112 which cannot be easily made to include a directory name in its request.
114 \fB\-\-user\fP \fIusername\fP, \fB\-u\fP \fIusername\fP
115 Specify the username which
117 will run as; the default is "nobody". The user ID, group ID, and (if
118 possible on the platform) the supplementary group IDs will be set to
119 the ones specified in the system permission database for this
122 \fB\-\-umask\fP \fIumask\fP, \fB\-U\fP \fIumask\fP
123 Sets the \fIumask\fP for newly created files to the specified value.
124 The default is zero (anyone can read or write) if the
126 option is not specified, or inherited from the invoking process if
130 \fB\-\-permissive\fP, \fB\-p\fP
131 Perform no additional permissions checks above the normal
132 system-provided access controls for the user specified via the
136 \fB\-\-pidfile\fP \fIpidfile\fP, \fB\-P\fP \fIpidfile\fP
137 When run in standalone mode, write the process ID of the listening
138 server into \fIpidfile\fP. On normal termination (SIGTERM or SIGINT)
139 the pid file is automatically removed.
141 \fB\-\-timeout\fP \fItimeout\fP, \fB\-t\fP \fItimeout\fP
144 this specifies how long, in seconds, to wait for a second connection
145 before terminating the server.
147 will then respawn the server when another request comes in. The
148 default is 900 (15 minutes.)
150 \fB\-\-retransmit\fP \fItimeout, \fP\fB\-T\fP \fItimeout\fP
151 Determine the default timeout, in microseconds, before the first
152 packet is retransmitted. This can be modified by the client if the
156 option is negotiated. The default is 1000000 (1 second.)
158 \fB\-\-mapfile\fP \fIremap-file\fP, \fB\-m\fP \fIremap-file\fP
159 Specify the use of filename remapping. The
161 is a file containing the remapping rules. See the section on filename
162 remapping below. This option may not be compiled in, see the output of
164 to verify whether or not it is available.
166 \fB\-\-verbose\fP, \fB\-v\fP
167 Increase the logging verbosity of
169 This flag can be specified multiple times for even higher verbosity.
171 \fB\-\-verbosity\fP \fIvalue\fP
172 Set the verbosity value to \fIvalue\fP.
174 \fB\-\-refuse\fP \fItftp-option\fP, \fB\-r\fP \fItftp-option\fP
175 Indicate that a specific RFC 2347 TFTP option should never be
178 \fB\-\-blocksize\fP \fImax-block-size\fP, \fB\-B\fP \fImax-block-size\fP
179 Specifies the maximum permitted block size. The permitted range for
180 this parameter is from 512 to 65464. Some embedded clients request
181 large block sizes and yet do not handle fragmented packets correctly;
182 for these clients, it is recommended to set this value to the smallest
183 MTU on your network minus 32 bytes (20 bytes for IP, 8 for UDP, and 4
184 for TFTP; less if you use IP options on your network.) For example,
185 on a standard Ethernet (MTU 1500) a value of 1468 is reasonable.
187 \fB\-\-port-range\fP \fIport:port\fP, \fB\-R\fP \fIport:port\fP
188 Force the server port number (the Transaction ID) to be in the
189 specified range of port numbers.
191 \fB\-\-version\fP, \fB\-V\fP
192 Print the version number and configuration to standard output, then
194 .SH "RFC 2347 OPTION NEGOTIATION"
197 supports RFC 2347 option negotation. Currently implemented options
200 \fBblksize\fP (RFC 2348)
201 Set the transfer block size to anything less than or equal to the
202 specified option. This version of
204 can support any block size up to the theoretical maximum of 65464
207 \fBblksize2\fP (nonstandard)
208 Set the transfer block size to anything less than or equal to the
209 specified option, but restrict the possible responses to powers of 2.
210 The maximum is 32768 bytes (the largest power of 2 less than or equal
213 \fBtsize\fP (RFC 2349)
214 Report the size of the file that is about to be transferred. This
219 option for binary (octet) mode transfers.
221 \fBtimeout\fP (RFC 2349)
222 Set the time before the server retransmits a packet, in seconds.
224 \fButimeout\fP (nonstandard)
225 Set the time before the server retransmits a packet, in microseconds.
227 \fBrollover\fP (nonstandard)
228 Set the block number to resume at after a block number rollover. The
229 default and recommended value is zero.
233 option can be used to disable specific options; this may be necessary
234 to work around bugs in specific TFTP client implementations. For
235 example, some TFTP clients have been found to request the
237 option, but crash with an error if they actually get the option
238 accepted by the server.
239 .SH "FILENAME REMAPPING"
242 option specifies a file which contains filename remapping rules. Each
243 non-comment line (comments begin with hash marks,
249 a regular expression in the style of
252 .IR "replacement pattern" .
253 The operation indicated by
257 matches all or part of the filename. Rules are processed from the top
258 down, and by default, all rules are processed even if there is a
263 can be any combination of the following letters:
266 Replace the substring matched by
269 .IR "replacement pattern" .
270 The replacement pattern may contain escape sequences; see below.
273 Repeat this rule until it no longer matches. This is always used with
279 case-insensitively. By default it is case sensitive.
282 If this rule matches, end rule processing after executing the rule.
285 If this rule matches, start rule processing over from the very first
286 rule after executing this rule.
289 If this rule matches, refuse the request and send an access denied
293 This rule applies to GET (RRQ) requests only.
296 This rule applies to PUT (WRQ) requests only.
299 Inverse the sense of this rule, i.e. execute the
304 match. Cannot used together with
307 The following escape sequences are recognized as part of the
308 .IR "replacement pattern" :
311 The entire string matched by the
314 \fB\\1\fP to \fB\\9\fP
315 The strings matched by each of the first nine parenthesized
316 subexpressions, \\( ... \\), of the
321 The IP address of the requesting host, in dotted-quad notation
325 The IP address of the requesting host, in hexadecimal notation
331 \fB\\\fP\fIwhitespace\fP
338 Turns all subsequent letters to upper case.
341 Turns all subsequent letters to lower case.
344 Cancels the effect of \fB\\U\fP or \fB\\L\fP.
346 If the mapping file is changed, you need to send
352 The use of TFTP services does not require an account or password on
353 the server system. Due to the lack of authentication information,
355 will allow only publicly readable files (o+r) to be accessed, unless the
357 option is specified. Files may be written only if they already exist
358 and are publicly writable, unless the
360 option is specified. Note that this extends the concept of ``public''
361 to include all users on all hosts that can be reached through the
362 network; this may not be appropriate on all systems, and its
363 implications should be considered before enabling TFTP service.
364 Typically, some kind of firewall or packet-filter solution should be
365 employed. If appropriately compiled (see the output of
366 .BR "in.tftpd \-\-version" )
370 database for access control information. This may be slow; sites
371 requiring maximum performance may want to compile without this option
372 and rely on firewalling or kernel-based packet filters instead.
374 The server should be set to run as the user with the lowest possible
375 privilege; please see the
377 flag. It is probably a good idea to set up a specific user account for
379 rather than letting it run as "nobody", to guard against privilege
380 leaks between applications.
382 Access to files can, and should, be restricted by invoking
384 with a list of directories by including pathnames as server program
385 arguments on the command line. In this case access is restricted to
386 files whole names are prefixed by one of the given directories. If
387 possible, it is recommended that the
389 flag is used to set up a chroot() environment for the server to run in
390 once a connection has been set up.
392 Finally, the filename remapping
394 flag) support can be used to provide a limited amount of additional
398 .IR "Requirements for Internet Hosts \- Application and Support" .
401 .IR "The TFTP Protocol (revision 2)" .
404 .IR "TFTP Option Extension" .
407 .IR "TFTP Blocksize Option" .
410 .IR "TFTP Timeout Interval and Transfer Size Options" .
414 is maintained by H. Peter Anvin <hpa@zytor.com>. It was derived from,
415 but has substantially diverged from, an OpenBSD source base, with
416 added patches by Markus Gutschke and Gero Kulhman.
421 .BR hosts_access (5),