AIX Version 4.3 Commands Reference, Volume 5

tftpd Daemon

Purpose

Provides the server function for the Trivial File Transfer Protocol.

Syntax

/usr/sbin/tftpd [ -c ] [ -n ] [ -p ] [ -r ] [ -v ] [ -t ] [ -s ] [ -x ] [ -z ] [ -d Directory ]

Description

Note: The tftpd daemon is normally started by the inetd daemon. It can also be controlled from the command line, using SRC commands.

The /usr/sbin/tftpd daemon runs the Trivial File Transfer Protocol (TFTP) server. Files sent using TFTP can be found in the directory specified by the full path name given on the tftp or utftp command line.

Note: The tftp command, utftp command, and tftpd server are not available when the auditing system is in use. For more information, see Understanding Security for TCP/IP, the Auditing Overview, and the audit command.

Changes to the tftpd daemon can be made using the System Management Interface Tool (SMIT) or System Resource Controller (SRC), by editing the /etc/inetd.conf or /etc/services file. The tftpd daemon is started by default when it is uncommented in the /etc/inetd.conf file.

The inetd daemon gets its information from the /etc/inetd.conf file and the /etc/services file.

After changing the /etc/inetd.conf or /etc/services file, run the refresh -s inetd or kill -1 InetdPID command to inform the inetd daemon of the changes to its configuration file.

The tftpd server should have a user ID with the least privileges possible. The nobody ID allows the least permissions, and is the default user ID.

The tftpd daemon should be controlled using the System Management Interface Tool (SMIT) or by changing the /etc/inetd.conf file. Entering tftpd at the command line is not recommended.

With Release 4.3.x, the tftpd server has become a multithreaded application. Another major change is the server's ability to handle the new TFTP Blocksize Option (RFC 1783). This new capability allows a client to negotiate a larger blocksize, which improves tftp file transfer performance significantly. As a result, the boot time performance of diskless nodes using TFTP also improves significantly. The tftp client must be able to do blocksize negotiation to take advantage of this performance improvement. The blocksize option has not been implemented in the current tftp command.

tftpaccess.ctl File

The /etc/tftpaccess.ctl file is searched for lines that start with allow: or deny:. Other lines are ignored. If the file doesn't exist, access is allowed. The allowed directories and files minus the denied directories and files can be accessed. For example, the /usr directory might be allowed and the /usr/ucb directory might be denied. This means that any directory or file in the /usr directory, except the /usr/ucb directory, can be accessed. The entries in the /etc/tftpaccess.ctl file must be absolute path names.

The /etc/tftpaccess.ctl file should be writable only by the root user and readable by all groups and others (that is, owned by root with permissions of 644). The user nobody must be able to read the /etc/tftpaccess.ctl file. Otherwise, the tftpd daemon is not able to recognize the existence of the file and allows access to the entire system. For more information, refer to the sample tftpaccess.ctl file, which resides in the /usr/samples/tcpip directory.

The search algorithm assumes that the local path name used in the tftp command is an absolute path name. It searches the /etc/tftpaccess.ctl file looking for allow:/. It repeatedly searches for allowed path names with each partial path name constructed by adding the next component from the file path name. The longest path name matched is the one allowed. It then does the same with denied names, starting with the longest allowed path name matched.

For example, if the file path name were /a/b/c and the /etc/tftpaccess.ctl file contained allow:/a/b and deny:/a, one allowed match would be made (/a/b) and no denied match starting with /a/b would be made, and access would be allowed.

If the /etc/tftpaccess.ctl file contained allow:/a and deny:/a/b, one allowed match would be made (/a) and one denied match starting with /a (/a/b) would be made, and access would be denied. If the /etc/tftpaccess.ctl file contained allow:/a/b and also contained deny:/a/b, access would be denied because allowed names are searched first.
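The search described above, written out as a small Python model so the three cases and the missing-file case can be checked against a proposed control file. This is an added example, not the tftpd source; the function names, the use of None for a control file the daemon cannot read, the handling of trailing slashes, and the refusal when no allow entry matches are assumptions of the sketch.

```python
def parse_ctl(text):
    """Collect allow:/deny: entries; every other line is ignored."""
    rules = {"allow:": set(), "deny:": set()}
    for line in text.splitlines():
        for keyword, bucket in rules.items():
            entry = line[len(keyword):].strip()
            # Entries must be absolute path names.
            if line.startswith(keyword) and entry.startswith("/"):
                # Assumption: a trailing slash is not significant.
                bucket.add(entry.rstrip("/") or "/")
    return rules["allow:"], rules["deny:"]


def prefixes(path):
    """'/a/b/c' -> ['/', '/a', '/a/b', '/a/b/c'], one component at a time."""
    chain, current = ["/"], ""
    for part in filter(None, path.split("/")):
        current += "/" + part
        chain.append(current)
    return chain


def access_allowed(path, ctl_text):
    """Decide access to an absolute path.

    ctl_text is the control file's contents, or None when the daemon
    cannot read the file (it is missing, or nobody has no read access).
    """
    if ctl_text is None:
        return True  # documented behaviour: no usable file means access is allowed
    allow, deny = parse_ctl(ctl_text)
    chain = prefixes(path)
    hits = [i for i, p in enumerate(chain) if p in allow]
    if not hits:
        return False  # assumption: with no allow match, nothing is accessible
    # The deny search starts at the longest allowed match, so a deny
    # entry shorter than that match has no effect on this path.
    return not any(p in deny for p in chain[hits[-1]:])


if __name__ == "__main__":
    # Constructed sample mirroring the /usr and /usr/ucb case in the text.
    sample = "# constructed sample\nallow:/usr\ndeny:/usr/ucb\n"
    for name in ("/usr/bin/ls", "/usr/ucb/vi", "/etc/passwd"):
        print(name, access_allowed(name, sample))
```

The first case is the one to watch when reviewing a control file: a deny entry for a parent directory does not cover a more specific allow entry beneath it.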

Manipulating the tftpd Daemon with the System Resource Controller

The tftpd daemon is a subserver of the inetd daemon, which is a subsystem of the System Resource Controller (SRC). The tftpd daemon is a member of the tcpip SRC subsystem group. This daemon is enabled when it is uncommented in the /etc/inetd.conf file and can be manipulated by the following SRC commands:

startsrc Starts a subsystem, group of subsystems, or a subserver.
stopsrc Stops a subsystem, group of subsystems, or a subserver.
lssrc Gets the status of a subsystem, group of subsystems, or a subserver.

Flags

-c Specifies the maximum number of concurrent threads per process, excluding the initial thread.
-d Directory Specifies the default destination directory. The Directory specified will be used as the home directory for storing files only. This default directory will be used only if a full pathname is not specified. The default directory for retrieving files is still /tftpboot.
-i Logs the IP address of the calling machine with error messages.
-n Allows the remote user to create files on your machine. Remote users are only allowed to read files with read permission for other if this flag is not specified.
-p Specifies the port number for the incoming request.
-r Attempts to convert the IP address to the appropriate host name before it logs messages. This flag must be used with the -i flag or the -v flag.
-s Turns on socket-level debugging.
-t Specifies the timeout value for datagrams.
-v Logs information messages when any file is successfully transferred by the tftpd daemon. This logging keeps track of who is remotely transferring files to and from the system with the tftpd daemon.
-x Specifies the maximum number of timeouts waiting for a datagram.
-z Specifies the maximum allowed segment size for transfers.

Examples

Note: The arguments for the tftpd daemon can be specified by using SMIT or by editing the /etc/inetd.conf file.
  1. To start the tftpd daemon, enter the following:
    startsrc -t tftp
    This command starts the tftpd subserver.
  2. To stop the tftpd daemon normally, enter the following:
    stopsrc -t tftp
    This command allows all pending connections to start and existing connections to complete but prevents new connections from starting.
  3. To force stop the tftpd daemon and all tftpd connections, enter the following:
    stopsrc -t -f tftp
    This command terminates all pending connections and existing connections immediately.
  4. To display a short status report about the tftpd daemon, enter the following:
    lssrc -t tftp
    This command returns the daemon's name, process ID, and state (active or inactive).

Related Information

The kill command, lssrc command, refresh command, startsrc command, stopsrc command, tftp command.

The inetd daemon.

The /etc/inetd.conf file format.

Trivial File Transfer Protocol (TFTP) in AIX Version 4.3 System Management Guide: Communications and Networks.

TCP/IP Daemons in AIX Version 4.3 System Management Guide: Communications and Networks.

