HPlogo   Configuring and Managing MPE/iX Internet Services:
HP 3000 MPE/iX Computer Systems > Chapter 5 TFTP Service

5.2: Configuring tftpd

MPE documents

Complete PDF

 

Table of Contents

Glossary

Index

 

⇓ Page Bottom

⇑ Page Top

  

Overview of tftpd

Starting tftpd

To configure tftpd, you will edit two files: the services file, which lists the individual services that comprise the suite of Internet Services, and the inetd configuration file, which informs the Internet daemon about running tftpd on this system. These tasks are explained in the next sections.

Editing the Services File

The services file associates official service names and aliases with the port number and protocol the services use. To enable tftpd, you must update the services file. Perform the following:

  1. Open the services file with an MPE text editor. You may edit the /etc/services file from the POSIX shell or the SERVICES.NET.SYS file from MPE/iX, whichever you prefer. Both names should point to the same file.

  2. Verify that the following line exists in the file or add it if it does not:

    tftp 69/udp # Trivial File Transfer Protocol

  3. If the line already exists in the file and it is preceded by a pound symbol (#), delete the symbol and any spaces before the service name to enable the service.

  4. Save the file and exit the editor program.

Adding TFTP Service to inetd Configuration

The configuration file for inetd determines which installed Internet Services are available to users. To add tftpd to your system, you will need to edit this configuration file, then have inetd re-read the configuration. To do so:

  1. Open the inetd configuration file with a text editor. You may edit the /etc/inetd.conf file from the POSIX shell or the INETDCNF.NET.SYS file from MPE/iX, whichever you prefer. Both names point to the same file.

  2. Verify that the following line exists in the file or add it if it does not:

    tftp dgram udp wait USER.TFTP /SYS/NET/TFTPD tftpd

  3. If the line already exists in the file and it is preceded by a pound symbol (#), delete the symbol and any spaces before the service name to enable the service.

  4. Save the file and exit the editor program.

There are two options in the tftpd entry, [user] and [path], which are explained in the next two sections. For more detailed information about editing the configuration file, read Chapter 2 "Internet Daemon"

Specifying the TFTP User

The Internet daemon runs tftpd as the user specified in the [user] parameter of its entry in the inetd configuration file. For example, this entry instructs inetd to run the TFTP server as USER.TFTP:

tftp dgram udp wait USER.TFTP /SYS/NET/TFTPD tftpd

Hewlett-Packard recommends that you run tftpd this way, and that you use the following steps to create the TFTP account and two user identifications, USER.TFTP and MGR.TFTP, with the appropriate capabilities:
  1. If necessary, log onto the system as MANAGER.SYS or to another user identity that has been assigned SM capability.

  2. Create the TFTP account by entering the following command at the CI prompt:

    :NEWACCT TFTP,MGR;CAP=AM,PH,DS,ND,SF,IA,BA

  3. Create the new user of the TFTP account with a home directory of TFTPDIR by entering the following command at the CI prompt:

    :NEWUSER USER.TFTP;cap=BA,PH,DS;home=TFTPDIR

    When a client accesses tftpd it will first look for the file in the home group TFTPDIR.

  4. Create the home directory TFTPDIR by entering the following command at the CI prompt:

    :NEWGROUP TFTPDIR.TFTP

  5. Modify the new manager of the TFTP account by entering the following command at the CI prompt:

    :ALTUSER MGR.TFTP;cap= PH,DS,ND,SF,IA,BA
For security reasons, USER.TFTP is not assigned ND, SF, PM or SM capabilities. This way USER.TFTP can be used to run tftpd while MGR.TFTP, who is assigned some of these capabilities, can control which files are placed in the TFTPDIR group.

Specifying a Search Path

As an option, you can use the [path] parameter in the inetd configuration file entry to specify the list of files or directories that are available to TFTP clients. For example, if you would like to have the /tmp and /bin directories available to TFTP clients in addition to the home group of the TFTP user, edit the line to look like this:

tftp dgram udp wait USER.TFTP /SYS/NET/TFTPD tftpd /tmp /bin

When a file is requested by a TFTP client, tftpd first looks for a file relative to the home directory of the user specified in the inetd configuration file. If it does not find the file there, it then checks to see if the following two conditions are met:
  • File requested is at or below [path].

  • User specified in the inetd configuration file (in the previous examples, USER.TFTP) has access to the file.
When invoked with no path arguments, tftpd cannot follow symbolic links that refer to paths outside of the home directory of the user specified in the inetd configuration file.

Permission to Retrieve Files

If permission is given to remote systems to retrieve a file through TFTP, then the file must be readable by the user specified in the inetd configuration file. If permission is given to remote systems to transmit a file through TFTP, then the file must already exist and be writable by the user specified in the inetd configuration file.


Overview of tftpd

Starting tftpd