diff options
author | imp <imp@FreeBSD.org> | 1996-09-22 04:19:27 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1996-09-22 04:19:27 +0000 |
commit | c04f619292e13248b5eac368266aee4d54699b51 (patch) | |
tree | 9c12365a107622c02dbcb4ffc7b4a1952873ff11 /libexec/tftpd/tftpd.8 | |
parent | a43b707795a51c0af5320d933cbf0d274a3661b4 (diff) | |
download | FreeBSD-src-c04f619292e13248b5eac368266aee4d54699b51.zip FreeBSD-src-c04f619292e13248b5eac368266aee4d54699b51.tar.gz |
Reviewed by: Bill Fenner <fennder@parc.xerox.com>
Reviewed by: Garrett Wollman <wollman@freebsd.org>
Submitted by: Warner Losh <imp@village.org>
Close PR bin/1145:
Add -s flag to tftpd. This enables the so-called secure mode
of tftpd where it chroots to a given directory before allowing access
to the files. In addition, it runs as nobody when in this mode.
Reviewed a long time ago by Bill and Garrett. Apply my patch from the
pr, and close the PR.
Diffstat (limited to 'libexec/tftpd/tftpd.8')
-rw-r--r-- | libexec/tftpd/tftpd.8 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/libexec/tftpd/tftpd.8 b/libexec/tftpd/tftpd.8 index 430c1c4..4a9004d 100644 --- a/libexec/tftpd/tftpd.8 +++ b/libexec/tftpd/tftpd.8 @@ -42,6 +42,7 @@ Internet Trivial File Transfer Protocol server .Nm tftpd .Op Fl l .Op Fl n +.Op Fl s Ar directory .Op Ar directory ... .Sh DESCRIPTION .Nm Tftpd @@ -87,6 +88,15 @@ names are prefixed by the one of the given directories. The given directories are also treated as a search path for relative filename requests. .Pp +The chroot option provides additional security by restricting access +of tftpd to only a chroot'd file system. This is useful when moving +from an OS that supported +.Nm -s +as a boot server. Because chroot is restricted to root, you must run +tftpd as root. However, if you chroot, then +.Nm tftpd +will set its user id to nobody. +.Pp The options are: .Bl -tag -width Ds .It Fl l @@ -95,6 +105,11 @@ Logs all requests using .It Fl n Suppresses negative acknowledgement of requests for nonexistent relative filenames. +.It Fl s Ar directory +Causes tftpd to chroot to +.Pa directory +before accepting commands. In addition, the user id is set to +nobody. .El .Sh SEE ALSO .Xr tftp 1 , |