SLUG Mailing List Archives
Re: [SLUG] TFTP server problems.
- To: DaZZa <dagibbs@xxxxxxxxx>
- Subject: Re: [SLUG] TFTP server problems.
- From: Glen Turner <gdt@xxxxxxxxx>
- Date: Thu, 25 Sep 2008 16:13:45 +0930
- Cc: SLUG <slug@xxxxxxxxxxx>
- Organization: http://www.gdt.id.au/~gdt/
- User-agent: Thunderbird 184.108.40.206 (X11/20080723)
Sep 24 09:18:03 fred in.tftpd: cannot set groups for user nobody
Perhaps you need to pass the user and group in parameters
to in.tftpd rather than as parameters to xinetd. See the -u
parameter and the manual page in.tftpd(8), which says:
Specify the username which tftpd will run as; the
default is "nobody". The user ID, group ID, and (if
possible on the platform) the supplementary group IDs
will be set to the ones specified in the system
permission database for this username.
which implies that without -u the daemon will run as the
I'm not sure in.tftpd could even bind to the listening port
unless it starts as the root user.
If you are running a recent Linux (with IPv6 support)
you may also need to ensure that xinetd doesn't try to
bind the IPv4-only TFTP protocol to a IPv6 socket.
See the "flags" parameter in xinetd.conf(5).
An example from a running TFTP server is:
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
disable = no
per_source = 11
cps = 100 2
flags = IPv4
On my distro xinetd also references TCP Wrappers, so /etc/hosts.allow
On my distro a firewall also exists and a iptables rule had to be added
for the TFTP protocol (which runs over UDP). That requires the tftp connection
tracking module nf_conntrack_tftp to be installed so that RELATED rules can
Glen Turner <http://www.gdt.id.au/~gdt/>