tftpd(1M)                                                    tftpd(1M)

NAME
     tftpd - internet Trivial File Transfer Protocol server

SYNOPSIS
     /usr/etc/tftpd [-h homedir] [-l] [-n] [-s] [directory... ]

DESCRIPTION
     tftpd is a server that supports the Internet Trivial File Transfer
     Protocol (TFTP). The TFTP server operates at the port indicated in
     the tftp service description; see services(4). The server is
     normally started by inetd(1M).

     The use of tftp(1C) does not require an account or password on the
     remote system. Due to the lack of authentication information,
     tftpd allows only publicly readable files to be accessed. Files
     containing the string ../ are not allowed. Files can be written
     only if they already exist and are publicly writable. Note that
     this extends the concept of public to include all users on all
     hosts that can be reached through the network; this may not be
     appropriate on all systems, and its implications should be
     considered before enabling TFTP service. The server should be
     configured in /etc/inetd.conf to run as the user ID with the
     lowest possible privilege.

     Relative filenames are looked up in a home directory, /var/boot by
     default.

     The tftpd options are:

     -A          Allows the full range of ports to be used.

     -h homedir  Changes the home directory to homedir, provided it is
                 an absolute pathname.

     -l          Logs all requests using syslog(3C).

     -n          Suppresses negative acknowledgement of requests for
                 nonexistent or inaccessible relative filenames. Use -n
                 when operating on a network with Sun diskless clients
                 that broadcast TFTP requests for bootfiles named by
                 relative pathnames, to avoid storms of negative
                 acknowledgements.

     -s          Rejects requests to read or write an absolute pathname
                 that does not begin with the home directory prefix and
                 to write a relative pathname. (See below.)

     Normally, tftpd allows unrestricted access to publicly-readable
     files in all directories. There are two ways to enhance file
     security by restricting access to a smaller set of directories.

     With the -s option, tftpd rejects requests to read or write an
     absolute pathname that does not begin with the home directory
     prefix. It also rejects requests to write a relative pathname.

     Another method is to restrict access to files in a limited number
     of approved directories by specifying the directory names,
     directory, as arguments to tftpd after the other options. For an
     absolute pathname request, tftpd allows the request if its name
     begins with one of these directories or the home directory. For a
     relative pathname request, the home directory and the directory
     list are searched in order. Up to ten directories can be listed if
     no other command-line options are specified. (inetd limits the
     total number of command-line arguments to ten.)

NOTES
     The port range is restricted to 1-32767 on certain platforms while
     booting across the network. To use the complete range use the -A
     option.

SEE ALSO
     inetd(1M), tftp(1C).
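
The access rules described above, modelled so that the effect of -s and of a directory list on a given request can be checked before the service is enabled. This is an added example, not tftpd's source code: resolve() and under() are hypothetical names, and three points the page does not settle are assumptions here (prefixes are compared on a path-component boundary, -s and a directory list are both applied when given together, and a relative name resolves to the first directory holding a file with the required public bit).

```python
import os
import stat


def under(path, directory):
    # Assumption: "begins with" is checked on a path-component boundary.
    directory = directory.rstrip("/")
    return path == directory or path.startswith(directory + "/")


def resolve(name, write, homedir="/var/boot", dirs=(), strict=False):
    """Return the file the stated rules would serve, or None if refused.

    strict models -s, dirs models the trailing directory arguments.
    """
    if "../" in name:                       # "../" is never allowed
        return None
    allowed = [homedir, *dirs]
    if os.path.isabs(name):
        if strict and not under(name, homedir):
            return None                     # -s: home directory prefix only
        if dirs and not any(under(name, d) for d in allowed):
            return None                     # directory list: approved prefixes
        candidates = [name]
    else:
        if strict and write:
            return None                     # -s: no writes to relative names
        candidates = [os.path.join(d, name) for d in allowed]
    needed = stat.S_IWOTH if write else stat.S_IROTH
    for path in candidates:                 # home directory first, then dirs
        try:
            mode = os.stat(path).st_mode
        except OSError:
            continue                        # writes never create files
        if mode & needed:                   # public read / public write bit
            return path
    return None


if __name__ == "__main__":
    # Constructed requests, evaluated against the local filesystem.
    for name, write in [("/etc/hosts", False), ("../etc/hosts", False),
                        ("/etc/hosts", True)]:
        for strict in (False, True):
            print(name, "write" if write else "read", "-s" if strict else "",
                  "->", resolve(name, write, strict=strict))
```

The model reads mode bits only; the real server's access is additionally bounded by the user ID it runs as in /etc/inetd.conf.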