1 .\" -*- nroff -*- --------------------------------------------------------- *
4 .\" Copyright (c) 1990, 1993, 1994
5 .\" The Regents of the University of California. All rights reserved.
7 .\" Copyright 2001 H. Peter Anvin - All Rights Reserved
9 .\" Redistribution and use in source and binary forms, with or without
10 .\" modification, are permitted provided that the following conditions
12 .\" 1. Redistributions of source code must retain the above copyright
13 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
17 .\" 3. Neither the name of the University nor the names of its contributors
18 .\" may be used to endorse or promote products derived from this software
19 .\" without specific prior written permission.
21 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 .\"----------------------------------------------------------------------- */
34 .TH TFTPD 8 "16 November 2001" "tftp-hpa 0.27-pre2" "UNIX System Manager's Manual"
37 \- IPv4 Trivial File Transfer Protocol server
44 is a server for the IPv4 Trivial File Transfer Protocol. The TFTP
45 protocol is extensively used to support remote booting of diskless
46 devices. The server is normally started by
48 but can also run standalone.
53 Run the server in standalone (listen) mode, rather than run from
57 option is ignored, and the
59 option can be used to specify a specific local address or port to
62 \fB\-a\fP \fI[address][:port]\fP
67 to listen to when called with the
69 option. The default is to listen to the
73 on all local addresses.
76 Allow new files to be created. By default,
78 will only allow upload of files that already exist. Files are created
79 with default permissions allowing anyone to read or write them.
82 Change root directory on startup. This means the remote host does not
83 need to pass along the directory as part of the transfer, and may add
86 is specified, exactly one
88 should be specified on the command line. The use of this option is
89 recommended for security as well as compatibility with some boot ROMs
90 which cannot be easily made to include a directory name in its request.
92 \fB\-u\fP \fIusername\fP
93 Specify the username which
95 will run as; the default is "nobody".
97 \fB\-t\fP \fItimeout\fP
100 this specifies how long, in seconds, to wait for a second connection
101 before terminating the server.
103 will then respawn the server when another request comes in. The
104 default is 900 (15 minutes.)
106 \fB\-m\fP \fIremap-file\fP
107 Specify the use of filename remapping. The
109 is a file containing the remapping rules. See the section on filename
110 remapping below. This option may not be compiled in, see the output of
112 to verify whether or not it is available.
115 Increase the logging verbosity of
117 This flag can be specified multiple times for even higher verbosity.
119 \fB\-r\fP \fItftp-option\fP
120 Indicate that a specific RFC 2347 TFTP option should never be
124 Print the version number and configuration to standard output, then
126 .SH "RFC 2347 OPTION NEGOTIATION"
129 supports RFC 2347 option negotation. Currently implemented options
138 (RFC 2349). The nonstandard
140 TFTP option is functionally identical to the
142 option, with the additional constraint that the
143 blocksize is constrained to be a power of 2.
147 option can be used to disable specific options; this may be necessary
148 to work around bugs in specific TFTP client implementations.
149 .SH "FILENAME REMAPPING"
152 option specifies a file which contains filename remapping rules. Each
153 non-comment line (comments begin with hash marks,
159 a regular expression in the style of
162 .IR "replacement pattern" .
163 The operation indicated by
167 matches all or part of the filename. Rules are processed from the top
168 down, and by default, all rules are processed even if there is a
173 can be any combination of the following letters:
176 Replace the substring matched by
179 .IR "replacement pattern" .
180 The replacement pattern may contain escape sequences; see below.
183 Repeat this rule until it no longer matches. This is always used with
189 case-insensitively. By default it is case sensitive.
192 If this rule matches, end rule processing after executing the rule.
195 If this rule matches, start rule processing over from the very first
196 rule after executing this rule.
199 If this rule matches, refuse the request and send an access denied
203 This rule applies to GET (RRQ) requests only.
206 This rule applies to PUT (WRQ) requests only.
208 The following escape sequences are recognized as part of the
209 .IR "replacement pattern" :
212 The entire string matched by the
215 \fB\\1\fP to \fB\\9\fP
216 Match the first nine parentensized subexpressions, \\( ... \\) of the
221 The IP address of the requesting host, in dotted-quad notation
225 The IP address of the requesting host, in hexadecimal notation
231 \fB\\\fP\fIwhitespace\fP
237 If the mapping file is changed, you need to send
243 The use of TFTP services does not require an account or password on
244 the server system. Due to the lack of authentication information,
246 will allow only publicly readable files (o+r) to be accessed. Files
247 may be written only if they already exist and are publicly writable,
250 option is specified. Note that this extends the concept of ``public''
251 to include all users on all hosts that can be reached through the
252 network; this may not be appropriate on all systems, and its
253 implications should be considered before enabling TFTP service.
254 Typically, some kind of firewall or packet-filter solution should be
255 employed. If appropriately compiled (see the output of
260 database for access control information. This may be slow; sites
261 requiring maximum performance may want to compile without this option
262 and rely on firewalling or kernel-based packet filters instead.
264 The server should be set to have the user ID with the lowest possible
265 privilege; please see the
269 Access to files can, and should, be restricted by invoking
271 with a list of directories by including pathnames as server program
272 arguments on the command line. In this case access is restricted to
273 files whole names are prefixed by one of the given directories. If
274 possible, it is recommended that the
276 flag is used to set up a chroot() environment for the server to run in
277 once a connection has been set up.
279 Finally, the filename remapping
281 flag) support can be used to provide a limited amount of additional
285 .IR "Requirements for Internet Hosts \- Application and Support" .
288 .IR "The TFTP Protocol (revision 2)" .
291 .IR "TFTP Option Extension" .
294 .IR "TFTP Blocksize Option" .
297 .IR "TFTP Timeout Interval and Transfer Size Options" .
301 is maintained by H. Peter Anvin <hpa@zytor.com>. It was derived from,
302 but has substantially diverged from, an OpenBSD source base, with
303 added patches by Markus Gutschke and Gero Kulhman.
307 .BR hosts_access (5),