# Configure tftpd to accept files



## ph0enix (Oct 1, 2012)

I'm running 9.0-RELEASE-p4.
I created /tftpboot and set its permissions to 777 recursively.
I then enabled tftpd in inet.conf and started inetd:


```
tftp    dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot
```

I can download files from the tftp server to routers and switches on the network but I can't upload anything to it.  The interesting thing is that when I try uploading, the files get created - not in /tftpboot but in my home directory instead.  The files are 0 bytes in size.  I'm guessing that the TFTP user simply doesn't have access to the directory.  How do I make it write to /tftpboot instead?


Thanks!

J.


----------



## wblock@ (Oct 2, 2012)

ph0enix said:
			
		

> I'm running 9.0-RELEASE-p4.
> I created /tftpboot and set its permissions to 777 recursively.



Setting anything to 777 is an automatic red flag.  Don't do it.



> I then enabled tftpd in inet.conf and started inetd:
>
> ...



That should be inetd.conf, but you can avoid inetd(8) by just running tftpd(8) from /etc/rc.conf:

```
tftpd_enable="YES"
tftpd_flags="set flags here"
```

Also, -s should specify a directory.


----------



## SirDice (Oct 2, 2012)

wblock@ said:
			
		

> Setting anything to 777 is an automatic red flag.  Don't do it.


Absolutely true but a necessity if you want to have write access with TFTP. Keep in mind that TFTP doesn't have any form of identification. So you automatically fall in the "other" category.

Ph0enix, the file must exist before you can write it. It's more or less a 'safety' feature, if you can call anything TFTP safe. So simply touch(1) a filename and you'll be able to write that file with tftp(1).


----------



## ph0enix (Oct 2, 2012)

wblock@ said:
			
		

> Setting anything to 777 is an automatic red flag.  Don't do it.
> 
> 
> 
> ...



It's a typo.  I meant inetd.conf.
I'm not having any luck starting tftpd from rc.conf.  
Here is what I put in it:

```
tftpd_enable="YES"
tftpd_flags="-l -s /tftpboot"
```

I noticed that there is no /etc/rc.d/tftpd.  Do I need to create one myself?


----------



## ph0enix (Oct 2, 2012)

SirDice said:
			
		

> Absolutely true but a necessity if you want to have write access with TFTP. Keep in mind that TFTP doesn't have any form of identification. So you automatically fall in the "other" category.
> 
> Ph0enix, the file must exist before you can write it. It's more or less a 'safety' feature, if you can call anything TFTP safe. So simply touch(1) a filename and you'll be able to write that file with tftp(1).



Ah, creating the file first and setting it to 777 does the trick.  I would love to ditch inetd though but I'm not having any luck getting tftpd to work from rc.conf.


----------



## wblock@ (Oct 2, 2012)

Sorry, I think my system has that because I use ftp/tftp-hpa.


----------



## mamalos (Oct 2, 2012)

wblock, you're probably right. Mine doesn't have it either, and 


```
$ grep -i tftp /etc/defaults/rc.conf
```

returns nothing (which implies it's non-existent).

By the way, and sorry for injecting this question on this thread but it has happened to me many times and I always forget to mention it after pressing the reply button:

Whenever I select some lines of text from a Terminal in order to paste them on this forum's WYSIWYG by pressing the middle mouse button, if before I press it I select any button that automatically inserts tags (like [CODE], or [FILE]), then when pressing it I paste [\/CODE] (or [\/FILE], or whatever) instead of the desired text.

Is this logical? And if not, is it fixable?

Sorry for this parenthesis. If you guys think I am causing a problem, I'll post the question.

Thanx.


----------



## ph0enix (Oct 2, 2012)

wblock@ said:
			
		

> Sorry, I think my system has that because I use ftp/tftp-hpa.



I installed tftp-hpa.  Life is good! 

Thank you!


----------



## AlbyVA (Nov 2, 2012)

Using this thread, I was able to get tftp up and running. Minus a few hiccups, like forgetting to put in.tftpd into my hosts.allow file. 

In any case, I was successfully able to tftp a file from my FreeBSD box to my Cisco router to complete an IOS upgrade. What I still seem to be falling short on is the ability for my FreeBSD box to *accept* incoming files via tftp.

Does anybody have a suggestion on why I'm able to tftp file from my FreeBSD box, but I cannot tftp files to my box? Do I need to configure something to allow incoming tftp deposits?

Thanks,


----------



## SirDice (Nov 2, 2012)

AlbyVA said:
			
		

> Does anybody have a suggestion on why I'm able to tftp file from my FreeBSD box, but I cannot tftp files to my box? Do I need to configure something to allow incoming tftp deposits?


Oddly enough, the file needs to exist prior to uploading it. Simply touch(1) the filename you want to upload so it exists (*touch* will create a 0 byte file) and uploading should work. Also make sure it's set world-writable (o+w).
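
The pre-create step described in the post above, as an added example that is not part of the original post: it opens one upload slot as a 0666 file inside a directory that is not world-writable, closes it after the transfer, and lists anything still writable by "other". The function names and the `TFTP_ROOT` variable are assumptions; `/tftpboot` is the directory used earlier in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and TFTP_ROOT are
# assumptions; /tftpboot is the directory used earlier in the thread.
TFTP_ROOT="${TFTP_ROOT:-/tftpboot}"

# Accept plain file names only: no path separators, no leading dot
# (which also rejects "." and "..").
tftp_valid_name() {
    case "$1" in
        ""|.*|*/*) return 1 ;;
    esac
    return 0
}

# Open one upload slot: the file must exist and be writable by "other"
# before the upload is accepted. The directory itself is kept at 0755,
# so nothing else in it becomes writable as a side effect.
tftp_open_slot() {
    tftp_valid_name "$1" || { echo "bad name: $1" >&2; return 1; }
    if [ -L "$TFTP_ROOT/$1" ]; then
        echo "refusing symlink: $1" >&2
        return 1
    fi
    chmod 0755 "$TFTP_ROOT" &&
        touch "$TFTP_ROOT/$1" &&
        chmod 0666 "$TFTP_ROOT/$1"
}

# Close the slot once the transfer is done: still downloadable,
# no longer writable by unauthenticated clients.
tftp_close_slot() {
    tftp_valid_name "$1" || return 1
    chmod 0644 "$TFTP_ROOT/$1"
}

# Audit: list everything under the root that "other" can still write.
tftp_audit() {
    find "$TFTP_ROOT" ! -type l -perm -0002 -print
}

# Typical use (as root):
#   tftp_open_slot router1-confg    # then start the copy on the device
#   tftp_close_slot router1-confg
#   tftp_audit                      # expect no output
```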


----------



## AlbyVA (Nov 2, 2012)

SirDice said:
			
		

> Oddly enough, the file needs to exist prior to uploading it. Simply touch(1) the filename you want to upload so it exists (*touch* will create a 0 byte file) and uploading should work. Also make sure it's set world-writable (o+w).






  Thanks. I'll give that a shot. How odd. You'd think somebody would address that issue so that you don't need to create ghost files.


----------



## wblock@ (Nov 2, 2012)

Like by telling people who want full FTP functionality to use ftpd(8), you mean?


----------



## AlbyVA (Nov 3, 2012)

wblock@ said:
			
		

> Like by telling people who want full FTP functionality to use ftpd(8), you mean?





 Nada...  Just tftp functionality to move IOS images to/from Cisco routers.


----------



## SirDice (Nov 5, 2012)

AlbyVA said:
			
		

> Thanks. I'll give that a shot. How odd. You'd think somebody would address that issue so that you don't need to create ghost files.



It's actually been added as a security precaution. Remember, TFTP has absolutely no authentication, so anybody could write anything and everything.


----------



## AlbyVA (Nov 6, 2012)

SirDice said:
			
		

> It's actually been added as a security precaution. Remember, TFTP has absolutely no authentication, so anybody could write anything and everything.





  That makes sense.


----------



## ph0enix (Nov 6, 2012)

AlbyVA said:
			
		

> Thanks. I'll give that a shot. How odd. You'd think somebody would address that issue so that you don't need to create ghost files.



I believe this is meant as a security feature due to the fact that the TFTP protocol does not have any security mechanism built into it which means that anyone who knows that you have a TFTP server running would be able to upload files to it as long as they can access the port.


----------



## ph0enix (Nov 6, 2012)

SirDice said:
			
		

> It's actually been added as a security precaution. Remember, TFTP has absolutely no authentication, so anybody could write anything and everything.



I guess I should have read all the responses before posting.


----------

