TFTP xinetd creating files

[DevilWAH]

Hi,

i have been trying to get TFTP to allow file creation in unbuntu.

my xinetd file is as follows

Code:

service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = nobody
server = /usr/sbin/in.tftpd
server_args = -c -s /tftp
disable = no
}

now this dies not work at all, if i remove the -c and -s I can copy from the TFTP and upload files back to it as long as they exist. But as soon as i add them back in i get the following message when i try to write to or from the server?

%Error opening tftp://10.x.x.x/filename (Timed out)

Ccan any one help setting this up to the remote system can create the file in the server?

Cheers

Aaron

[Forsaken_GA]

From the tftpd man page:

The use of tftp(1) does not require an account or password on the remote
system. Due to the lack of authentication information, tftpd will allow
only publicly readable files to be accessed. Files may be written only
if they already exist and are publicly writable.

So if you want to be able to write to files, create them with the touch command to create a 0 byte file, and then chmod 777 them.

Otherwise, you'll need to use a different tftp daemon that allows file creation

[DevilWAH]

but using tftpd with the inetd config file and you can do it. xinet is just the configuration as i underdtand it. and like i say tftpd deamon does support file creation.

[Forsaken_GA]

I suggest you read the manual page for tftpd, it disagrees with you. If you still disagree with the man page, then go parse the source code

If you need remote creation capability (which is a bit of a security risk), you need to look into tftpd-hpa or atftpd under Ubuntu

[mikej412]

-c Allow new files to be created. By default, tftpd will only allow upload of files that already exist. Files are created with default permissions allowing anyone to read or write them, unless the -p or -U options are specified.

What are the permissions on the /tftp directory? Publicaly writable? Did you put a test file in the /tftp directory and verify that the -s option (and hopefully the -c option) was accepted and used by tftpd (and indirectly verify you're not running a different conflicting tftp server)?

[Forsaken_GA]

He specified that he's running ubuntu. tftpd under Ubuntu only has two commandline options:


-n Suppresses negative acknowledgement of requests for nonexistent relative file‐
names.

-s All absolute filenames are treated as if they were preceded by the first direc‐
tory argument, or /tftpboot if there is none.

if you try and run tftpd under ubuntu (and debian as well, which is why I'm very familiar with this issue) with the -c option, and then check /var/log/daemon.log, you'll see it's an unknown option

forsaken@forsaken-ubuntu:/var/log$ date
Thu Nov 11 18:44:45 EST 2010
forsaken@forsaken-ubuntu:/var/log$ in.tftpd -c
forsaken@forsaken-ubuntu:/var/log$ grep tftpd /var/log/daemon.log
Nov 11 18:44:56 forsaken-ubuntu tftpd[25921]: unknown option -?

What I'm saying may not be true for all Linux distros, but it's true for Ubuntu

If you use tftpd-hpa instead, it has an option to create new files

[mikej412]

He specified that he's running ubuntu.

I've got 6 different TFTP options available on my Ubuntu server.

Edit: Yep -- looks like I've got tftp-hpa installed

[Forsaken_GA]

I've got 6 different TFTP options available on my Ubuntu server.

Yeah, Ubuntu's got options, but whenever I see this it's because the user has typed apt-get install tftpd (which is a reasonable assumption on the users part)

And that particular tftpd daemon doesn't do remote file creation.

The tftpd-hpa package is a drop in replacement for the regular tftpd package and is a little more robust (it starts as a regular daemon though, not out of inetd)

It's one of those little debian idiosyncrasies, like with arping. Most of the time, the util that folks are actually looking for is the iputils-arping one, but there's a regular arping package too.

[DevilWAH]

See I would sware I had -c running on a copy of unbunta with only tftpd installed. I remember removing tftd-hda and installing pure TFTPD? Because i tried three or 4 different TFTP servers.

may be i am mestaken and i cant check it now as the box is at my old company..

in the end I went back to tftpd-hpa as this only a box for a cisco lab so no need for securit.