SuSE Support Database

Title: TFTP boot with Xterminals

---


TFTP boot with Xterminals

Problem:

An X terminal that fetches its required files via tftp (Trivial File Transfer Protocol) has no access to the Linux server.

Solution:

Please use the more secure variation of /etc/inetd.conf. To do this, copy /etc/inetd.conf.secure to /etc/inetd.conf if you have not already done so.

If your system does not have /etc/inetd.conf.secure, then /etc/inetd.conf is already the more secure variation. We call it more secure because the daemons are not started directly, but through /usr/sbin/tcpd, the wrapper daemon. It uses /etc/hosts.allow and /etc/hosts.deny to establish which remote host can contact which service.

Read the manual page hosts_access (call: `man 5 hosts_access') to learn how to configure /etc/hosts.allow and /etc/hosts.deny so that the more secure variation of /etc/inetd.conf works correctly.

Now to tftp itself. Make the following change in /etc/inetd.conf. The line:

    # tftp  dgram   udp     wait    nobody  /usr/sbin/tcpd  in.tftp

must be changed, for example, to the following:

    tftp    dgram   udp     wait    nobody  /usr/sbin/tcpd  in.tftpd /tftpboot

The directory declared here, /tftpboot, is the only one from which data can be fetched via tftp. Since tcpd starts in.tftpd as user nobody (an absolute must, since tftp requires no password), the permissions of /usr/sbin/in.tftpd still have to be changed. The command:

    chmod 755 /usr/sbin/in.tftpd

sets them correctly. The following rules apply to the use of tftp.

The daemon /usr/sbin/in.tftpd only accepts file names in a tftp request that:

a) begin with a `/'
b) contain the string tftpboot (or another one that is declared as argument in /etc/inetd.conf)
c) contain no /../ (protection against cheating)
d) are readable by everyone.

As a result, the tftp file requests of an X terminal must always use the full pathname and must not contain /../. You will find more about the daemon in.tftpd in its manual page.
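
To find out why a particular request is refused, rules a) to d) can be checked by hand before touching the X terminal. The following shell function is an added example, not SuSE's code and not the in.tftpd implementation; it tests the rules as this page states them, and the name tftp_request_ok and its return codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check a requested file name against rules a) to d) above.
#
# tftp_request_ok DIR PATH
#   DIR   directory argument given to in.tftpd in /etc/inetd.conf
#   PATH  file name exactly as the X terminal would request it
# Returns 0 if every rule passes, otherwise 1..4 for the first failed
# rule a)..d). The function name and return codes are hypothetical.
tftp_request_ok() {
    dir=$1
    path=$2

    # a) the request must begin with a '/'
    case $path in
        /*) ;;
        *)  echo "a) not a full pathname: $path"; return 1 ;;
    esac

    # b) the request must contain the declared directory string
    case $path in
        *"$dir"*) ;;
        *)  echo "b) does not contain $dir: $path"; return 2 ;;
    esac

    # c) the request must not contain /../
    case $path in
        */../*) echo "c) contains /../: $path"; return 3 ;;
    esac

    # d) the file must exist and be readable by everyone.
    #    ls -L follows symlinks; the 8th character of the mode
    #    string is the read bit for "others".
    [ -e "$path" ] || { echo "d) no such file: $path"; return 4; }
    mode=$(ls -ldL -- "$path")
    case $mode in
        ???????r*) ;;
        *)  echo "d) not readable by everyone: $path"; return 4 ;;
    esac

    echo "ok: $path"
    return 0
}

# When run as a script with two arguments, check that one request.
if [ "$#" -eq 2 ]; then
    tftp_request_ok "$1" "$2"
fi
```

Call it with the directory from /etc/inetd.conf and the file name configured on the X terminal; the first rule that fails is printed.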

---

Keywords: NET, XTERMINAL, TFTP, SECURITY, TCPD

---

Feedback welcome: Send Mail to werner@suse.de (Please give the following subject: SDB-tftp_solved)

---


SDB-tftp_solved, Copyright SuSE GmbH, Nuremberg, Germany - Version:
Imprint - Last generated: 24. Feb 1999 15:27:58 by maddin with sdb_gen 1.00.0