Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] TFTP server problems.


DaZZa wrote:

Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody

Perhaps you need to pass the user and group in parameters
to in.tftpd rather than as parameters to xinetd. See the -u
parameter and the manual page in.tftpd(8), which says:

   -u username
      Specify the username which tftpd will run  as;  the
      default is "nobody".  The user ID, group ID, and (if
      possible on the platform) the supplementary group IDs
      will be set to the ones specified in the system
      permission database for this username.

which implies that without -u the daemon will run as the
"nobody" user.

I'm not sure in.tftpd could even bind to the listening port
unless it starts as the root user.

If you are running a recent Linux (with IPv6 support)
you may also need to ensure that xinetd doesn't try to
bind the IPv4-only TFTP protocol to an IPv6 socket.
See the "flags" parameter in xinetd.conf(5).

An example from a running TFTP server is:

service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /srv/tftpboot -c -vv -u tftp -p -U 007
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

On my distro xinetd also references TCP Wrappers, so /etc/hosts.allow
says
  in.tftpd: ALL

On my distro a firewall also exists and an iptables rule had to be added
for the TFTP protocol (which runs over UDP). That requires the tftp connection
tracking module nf_conntrack_tftp to be installed so that RELATED rules can
be matched.

--
 Glen Turner   <http://www.gdt.id.au/~gdt/>
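
A small check that encodes the advice in the message above (xinetd starts in.tftpd as root, in.tftpd drops privileges with -u, flags is pinned to IPv4), added here as an example and not part of the original post. The function names and the BAD variant are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the stanza from the post (GOOD) and a variant that drops
# privileges in xinetd instead of in.tftpd and comments out the flags line (BAD).
GOOD = """
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /srv/tftpboot -c -vv -u tftp -p -U 007
        flags                   = IPv4
}
"""
BAD = GOOD.replace("= root", "= nobody").replace(" -u tftp", "").replace("flags", "#flags")

def parse_service(text, name):
    """Return the attributes of `service <name> { ... }` as a dict."""
    m = re.search(r"service\s+%s\s*\{(.*?)\}" % re.escape(name), text, re.S)
    if not m:
        raise ValueError("no service stanza named %r" % name)
    attrs = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):  # skip comment lines
            key, value = line.split("=", 1)
            attrs[key.strip()] = value.strip()
    return attrs

def audit_tftp(text):
    """Check a tftp stanza against the points raised in the post."""
    attrs = parse_service(text, "tftp")
    args = shlex.split(attrs.get("server_args", ""))
    findings = []
    if attrs.get("user") != "root":
        findings.append("xinetd user is not root: in.tftpd cannot set user/groups itself")
    if "-u" not in args or args.index("-u") + 1 >= len(args):
        findings.append("no -u in server_args: in.tftpd defaults to user nobody")
    elif args[args.index("-u") + 1] == "root":
        findings.append("-u root: daemon keeps root privileges")
    if "IPv4" not in attrs.get("flags", "").split():
        findings.append("flags lacks IPv4: xinetd may bind an IPv6 socket")
    return findings
```

Calling `audit_tftp()` on the contents of the xinetd service file returns an empty list when all three points hold.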