TFTP Boot with Xterminals

Support knowledgebase (tftp_solved)
Applies to

SuSE Linux: All versions

Problem:

An Xterminal trying to retrieve its requested files via tftp (Trivial File Transfer Protocol) has no access to the Linux server.

Solution:

Use the secure version of /etc/inetd.conf. If you do not have it yet, copy /etc/inetd.conf.secure to /etc/inetd.conf.

If no /etc/inetd.conf.secure is available in your system, /etc/inetd.conf is already the secure version. Secure means that the daemons are not started directly but through /usr/sbin/tcpd, the wrapper daemon. This daemon uses /etc/hosts.allow and /etc/hosts.deny to determine which remote hosts can address which services.

Refer to the hosts_access man pages (command `man 5 hosts_access') to find out how /etc/hosts.allow and /etc/hosts.deny have to be configured for use with the secure version of /etc/inetd.conf.

Regarding tftp itself, the following line in /etc/inetd.conf:

    # tftp  dgram   udp     wait    nobody  /usr/sbin/tcpd  in.tftp

must be changed to:

    tftp    dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /tftpboot

/tftpboot is the only directory from which data can be retrieved via tftp. Since tcpd starts /usr/sbin/in.tftpd as user nobody (which is absolutely necessary because tftp does not require a password), the permissions of /usr/sbin/in.tftpd must still be changed. Set them correctly with the command:

    chmod 755 /usr/sbin/in.tftpd

The following applies for the use of tftp:

The daemon /usr/sbin/in.tftpd only accepts tftp requests containing file entries that fulfill the following criteria:

The tftp file requests submitted by an Xterminal must always be made with the complete path name and without /../. For further information on in.tftp daemons, refer to the corresponding man pages.
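
The inetd.conf entry and the request criteria above, written as a small audit script. This is an added example, not part of the SuSE article; the function names are hypothetical, and it models the rules as the article states them, not the code of in.tftpd.

```shell
# Added example, not SuSE code. Function names are hypothetical.

# audit_tftp_line LINE: print "ok" or the first problem found.
audit_tftp_line() {
    set -f              # no glob expansion while splitting fields
    set -- $1           # service type proto wait user server argv...
    set +f
    case "$1" in
        "#"*) echo "commented out"; return 1 ;;
        tftp) ;;
        *)    echo "not a tftp entry"; return 1 ;;
    esac
    [ "$5" = "nobody" ]         || { echo "does not run as nobody"; return 1; }
    [ "$6" = "/usr/sbin/tcpd" ] || { echo "not started through tcpd"; return 1; }
    case "$8" in
        /*) echo "ok" ;;
        *)  echo "no directory restriction"; return 1 ;;
    esac
}

# tftp_request_ok ROOT NAME: succeed only for a complete path name
# below ROOT that has no ".." component (the article's criteria).
tftp_request_ok() {
    case "$2" in
        */../*|*/..) return 1 ;;
    esac
    case "$2" in
        "$1"/?*) return 0 ;;
    esac
    return 1
}

# The two inetd.conf lines quoted in the article.
for line in \
    "# tftp  dgram   udp     wait    nobody  /usr/sbin/tcpd  in.tftp" \
    "tftp    dgram   udp     wait    nobody  /usr/sbin/tcpd  /usr/sbin/in.tftpd /tftpboot"
do
    printf '%s\n  -> %s\n' "$line" "$(audit_tftp_line "$line")"
done

# Constructed request names (Xncd19c is a made-up boot image name).
for name in /tftpboot/Xncd19c Xncd19c /tftpboot/../etc/hosts; do
    if tftp_request_ok /tftpboot "$name"; then r=accept; else r=reject; fi
    printf '%s -> %s\n' "$name" "$r"
done
```
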

Keywords: NETWORK, XTERMINAL, TFTP, SECURITY, TCPD

Categories: Internet

SDB-tftp_solved, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 17. Jul 1996
SuSE Linux AG - Last generated: 18. Jun 2002 by sdb (sdb_gen 1.40.0)