Provided by: tftpd-hpa_5.1-2ubuntu1_i386

NAME

       tftpd - Trivial File Transfer Protocol server

SYNOPSIS

       in.tftpd [options...]  directory...

DESCRIPTION

       tftpd  is  a  server  for the Trivial File Transfer Protocol.  The TFTP
       protocol is extensively used to  support  remote  booting  of  diskless
       devices.   The  server  is  normally started by inetd, but can also run
       standalone.

OPTIONS

       --ipv4, -4
              Connect with IPv4 only, even if IPv6 support was compiled in.

       --ipv6, -6
              Connect with IPv6 only, if compiled in.

       -l, --listen
              Run the server in standalone (listen) mode, rather than run from
              inetd.  In listen mode, the --timeout option is ignored, and the
              --address option can be used to specify a specific local address
              or port to listen to.

       --foreground, -L
              Similar  to  --listen  but  do  not  detach  from the foreground
              process.  Implies --listen.

       --address [address][:port], -a [address][:port]
              Specify a specific address and port to  listen  to  when  called
              with  the  --listen  or  --foreground option.  The default is to
              listen to the tftp port specified in /etc/services on all  local
              addresses.

              Please  note:  Numeric IPv6 addresses must be enclosed in square
              brackets to avoid ambiguity with the optional port information.

       --create, -c
              Allow new files to be created.   By  default,  tftpd  will  only
              allow  upload  of  files  that already exist.  Files are created
              with default permissions allowing anyone to read or write  them,
              unless the --permissive or --umask options are specified.

       --secure, -s
              Change  root  directory  on startup.  This means the remote host
              does not need to  pass  along  the  directory  as  part  of  the
              transfer,  and  may  add  security.  When --secure is specified,
              exactly one directory should be specified on the  command  line.
              The  use  of  this option is recommended for security as well as
              compatibility with some boot ROMs which cannot be easily made to
              include a directory name in their requests.

       --user username, -u username
              Specify  the  username  which  tftpd will run as; the default is
              "nobody".  The user ID,  group  ID,  and  (if  possible  on  the
              platform)  the  supplementary  group IDs will be set to the ones
              specified in the system permission database for this username.

       --umask umask, -U umask
              Sets the umask for newly created files to the  specified  value.
              The   default  is  zero  (anyone  can  read  or  write)  if  the
              --permissive option is not  specified,  or  inherited  from  the
              invoking process if --permissive is specified.

       --permissive, -p
              Perform  no  additional  permissions  checks  above  the  normal
              system-provided access controls for the user specified  via  the
              --user option.

       --pidfile pidfile, -P pidfile
              When  run  in  standalone  mode,  write  the  process  ID of the
              listening server into pidfile.  On normal  termination  (SIGTERM
              or SIGINT) the pid file is automatically removed.

       --timeout timeout, -t timeout
              When run from inetd this specifies how long, in seconds, to wait
              for a second connection before terminating  the  server.   inetd
              will then respawn the server when another request comes in.  The
              default is 900 (15 minutes.)

       --retransmit timeout, -T timeout
              Determine the default timeout, in microseconds, before the first
              packet  is retransmitted.  This can be modified by the client if
              the timeout or utimeout option is negotiated.   The  default  is
              1000000 (1 second.)

       --map-file remap-file, -m remap-file
              Specify the use of filename remapping.  The remap-file is a file
              containing the remapping rules.  See  the  section  on  filename
              remapping  below.   This  option may not be compiled in, see the
              output of in.tftpd -V to verify whether or not it is available.

       --verbose, -v
              Increase the logging verbosity  of  tftpd.   This  flag  can  be
              specified multiple times for even higher verbosity.

       --verbosity value
              Set the verbosity value to value.

       --refuse tftp-option, -r tftp-option
              Indicate  that  a  specific RFC 2347 TFTP option should never be
              accepted.

       --blocksize max-block-size, -B max-block-size
              Specifies the maximum permitted block size.  The permitted range
              for  this parameter is from 512 to 65464.  Some embedded clients
              request large block sizes  and  yet  do  not  handle  fragmented
              packets  correctly;  for these clients, it is recommended to set
              this value to the smallest MTU on your network  minus  32  bytes
              (20  bytes for IP, 8 for UDP, and 4 for TFTP; less if you use IP
              options on your network.)  For example, on a  standard  Ethernet
              (MTU 1500) a value of 1468 is reasonable.

       --port-range port:port, -R port:port
              Force  the  server port number (the Transaction ID) to be in the
              specified range of port numbers.

       --version, -V
              Print the version number and configuration to  standard  output,
              then exit gracefully.

RFC 2347 OPTION NEGOTIATION

       This  version of tftpd supports RFC 2347 option negotiation.  Currently
       implemented options are:

       blksize (RFC 2348)
              Set the transfer block size to anything less than  or  equal  to
              the  specified  option.   This  version of tftpd can support any
              block size up to the theoretical maximum of 65464 bytes.

       blksize2 (nonstandard)
              Set the transfer block size to anything less than  or  equal  to
              the  specified  option,  but  restrict the possible responses to
              powers of 2.  The maximum is 32768 bytes (the largest power of 2
              less than or equal to 65464.)

       tsize (RFC 2349)
              Report  the  size  of  the file that is about to be transferred.
              This version of tftpd only supports the tsize option for  binary
              (octet) mode transfers.

       timeout (RFC 2349)
              Set the time before the server retransmits a packet, in seconds.

       utimeout (nonstandard)
              Set  the  time  before  the  server  retransmits  a  packet,  in
              microseconds.

       rollover (nonstandard)
              Set the block number to resume at after a block number rollover.
              The default and recommended value is zero.

       The  --refuse  option can be used to disable specific options; this may
       be  necessary  to  work   around   bugs   in   specific   TFTP   client
       implementations.   For  example,  some  TFTP clients have been found to
       request the blksize option, but crash with an error  if  they  actually
       get the option accepted by the server.

FILENAME REMAPPING

       The   --map-file  option  specifies  a  file  which  contains  filename
       remapping rules.  Each  non-comment  line  (comments  begin  with  hash
       marks,  #)  contains  an operation, specified below; a regex, a regular
       expression in the style of egrep; and optionally a replacement pattern.
       The  operation indicated by operation is performed if the regex matches
       all or part of the filename.  Rules are processed from  the  top  down,
       and by default, all rules are processed even if there is a match.

       The operation can be any combination of the following letters:

       r      Replace  the  substring  matched  by  regex  by  the replacement
              pattern.  The replacement pattern may contain escape  sequences;
              see below.

       g      Repeat  this  rule  until  it no longer matches.  This is always
              used with r.

       i      Match the regex  case-insensitively.   By  default  it  is  case
              sensitive.

       e      If  this  rule  matches, end rule processing after executing the
              rule.

       s      If this rule matches, start rule processing over from  the  very
              first rule after executing this rule.

       a      If  this  rule  matches,  refuse  the request and send an access
              denied error to the client.

       G      This rule applies to GET (RRQ) requests only.

       P      This rule applies to PUT (WRQ) requests only.

       ~      Invert the sense of this rule, i.e. execute the operation  only
              if the regex doesn't match.  Cannot be used together with r.

       The   following   escape  sequences  are  recognized  as  part  of  the
       replacement pattern:

       \0     The entire string matched by the regex.

       \1 to \9
              The strings matched by each  of  the  first  nine  parenthesized
              subexpressions, \( ... \), of the regex pattern.

       \i     The  IP  address of the requesting host, in dotted-quad notation
              (e.g. 192.0.2.169).

       \x     The IP address of the requesting host, in  hexadecimal  notation
              (e.g. C00002A9).

       \\     Literal backslash.

       \whitespace
              Literal whitespace.

       \#     Literal hash mark.

       \U     Turns all subsequent letters to upper case.

       \L     Turns all subsequent letters to lower case.

       \E     Cancels the effect of \U or \L.

       If  the  mapping  file  is  changed,  you  need  to  send SIGHUP to any
       outstanding tftpd process.
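
       A small model of the rule processing described in this section, run
       over a constructed map file.  This is an added example, not code from
       tftpd-hpa: it uses Python's re in place of egrep-style regexes, reads
       whole-line comments only, and omits \U, \L, \E and escaped whitespace;
       remap(), expand() and SAMPLE_MAP are illustrative names.

```python
import ipaddress
import re
# Constructed sample map file (assumptions: whole-line comments only, no
# escaped whitespace, Python `re` standing in for egrep-style regexes).
SAMPLE_MAP = r"""
# strip leading slashes until none are left
rg   ^/
# refuse any name with a parent-directory component
a    (^|/)\.\.(/|$)
# refuse uploads (WRQ) whose name does not start with incoming/
aP~  ^incoming/
# serve each client a config named after its hex IP, then stop
re   ^pxelinux\.cfg/default$   pxelinux.cfg/\x
"""

def expand(repl, m, ip):
    # Handles \0-\9, \i and \x; any other escaped character is emitted as itself.
    table = {str(n): (m.group(n) or "") if n <= m.re.groups else "" for n in range(10)}
    table.update(i=str(ip), x="%08X" % int(ip))
    return re.sub(r"\\(.)", lambda e: table.get(e.group(1), e.group(1)), repl)

def remap(name, client_ip, is_put=False, rules_text=SAMPLE_MAP):
    """Return the remapped name, or None when an 'a' rule refuses the request."""
    ip = ipaddress.IPv4Address(client_ip)
    rules = [ln.split(None, 2) for ln in rules_text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    idx = 0
    for _ in range(1000):               # bound runaway 'g' and 's' loops
        if idx >= len(rules):
            return name                 # fell off the end of the rule list
        ops, pattern, *rest = rules[idx]
        idx += 1
        if ("G" in ops and is_put) or ("P" in ops and not is_put):
            continue                    # rule is for the other request type
        rx = re.compile(pattern, re.I if "i" in ops else 0)
        m = rx.search(name)
        if (m is None) != ("~" in ops):
            continue                    # rule does not apply ('~' inverts)
        if "a" in ops:
            return None                 # access denied
        if "r" in ops:
            repl = rest[0].strip() if rest else ""
            name = name[:m.start()] + expand(repl, m, ip) + name[m.end():]
            if "g" in ops and rx.search(name):
                idx -= 1                # 'g': run the same rule again
                continue
        if "e" in ops:
            return name                 # 'e': stop rule processing here
        idx = 0 if "s" in ops else idx  # 's': restart from the first rule
    raise RuntimeError("rule set did not terminate")
```

       Rule order matters here: the slash-stripping rule runs first so that
       the two deny rules see the normalized name.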

SECURITY

       The use of TFTP services does not require an account or password on the
       server  system.   Due  to the lack of authentication information, tftpd
       will allow only publicly readable files (o+r) to  be  accessed,  unless
       the  --permissive  option  is  specified.  Files may be written only if
       they already exist and  are  publicly  writable,  unless  the  --create
       option  is  specified.  Note that this extends the concept of "public"
       to include all users on all hosts  that  can  be  reached  through  the
       network;   this  may  not  be  appropriate  on  all  systems,  and  its
       implications  should  be  considered  before  enabling  TFTP   service.
       Typically,  some  kind  of firewall or packet-filter solution should be
       employed.  If  appropriately  compiled  (see  the  output  of  in.tftpd
       --version)  tftpd  will  query  the hosts_access(5) database for access
       control  information.   This  may  be  slow;  sites  requiring  maximum
       performance  may  want  to  compile  without  this  option  and rely on
       firewalling or kernel-based packet filters instead.

       The server should be set to run as the user with  the  lowest  possible
       privilege;  please  see the --user flag.  It is probably a good idea to
       set up a specific user account for tftpd, rather than letting it run as
       "nobody", to guard against privilege leaks between applications.

       Access to files can, and should, be restricted by invoking tftpd with a
       list of directories by including pathnames as server program  arguments
       on  the command line.  In this case access is restricted to files whose
       names are prefixed by one of the given directories.  If possible, it is
       recommended  that  the  --secure  flag  is  used  to  set up a chroot()
       environment for the server to run in once a connection has been set up.

       Finally, the filename remapping (--map-file flag) support can  be  used
       to provide a limited amount of additional access control.
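
       One way to audit a TFTP root against the default permission rule in
       the first paragraph of this section (o+r for reads, existing and o+w
       for writes, no --permissive or --create).  This is an added example,
       not part of tftpd-hpa; tftp_exposure() and the sample tree built in
       demo() are constructed for illustration.

```python
import os
import stat
import tempfile

def tftp_exposure(root):
    """Map each regular file under root to what an anonymous client may do
    under the default rule: GET needs o+r, PUT needs an existing o+w file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            st = os.lstat(path)              # do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            report[rel] = {"get": bool(st.st_mode & stat.S_IROTH),
                           "put": bool(st.st_mode & stat.S_IWOTH)}
    return report

def demo():
    # Constructed tree: a boot file, a group-only config, a world-writable file.
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("pxelinux.0", 0o644),
                           ("secrets.cfg", 0o640),
                           ("upload.bin", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return tftp_exposure(root)

if __name__ == "__main__":
    for rel, perms in sorted(demo().items()):
        print(f"{rel:12} get={perms['get']} put={perms['put']}")
```

       Any file reported with put=True can be overwritten by every host that
       can reach the server.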

CONFORMING TO

       RFC 1123, Requirements for Internet Hosts - Application and Support.
       RFC 1350, The TFTP Protocol (revision 2).
       RFC 2347, TFTP Option Extension.
       RFC 2348, TFTP Blocksize Option.
       RFC 2349, TFTP Timeout Interval and Transfer Size Options.

AUTHOR

       This  version of tftpd is maintained by H. Peter Anvin <hpa@zytor.com>.
       It was derived from, but has substantially diverged  from,  an  OpenBSD
       source base, with added patches by Markus Gutschke and Gero Kulhman.

SEE ALSO

       tftp(1), egrep(1), umask(2), hosts_access(5), regex(7), inetd(8).