HP 3000 Manuals

Configuring tftpd [ Configuring and Managing MPE/iX Internet Services ] MPE/iX 5.5 Documentation



Configuring tftpd 

To configure tftpd, you will edit two files:  the services file, which
lists the individual services that comprise the suite of Internet
Services, and the inetd configuration file, which informs the Internet
daemon about running tftpd on this system.  These tasks are explained in
the next sections.

Editing the services file 

The services file associates official service names and aliases with the
port number and protocol the services use.  To enable tftpd, you must
update the services file.  To do so:

   1.  Open the services file with a text editor.  You may edit the
       /etc/services file from the POSIX shell or the SERVICES.NET.SYS
       file from MPE/iX, whichever you prefer.  Both names should point
       to the same file.

   2.  Verify that the following line exists in the file or add it if it
       does not:

            tftp   69/udp   # Trivial File Transfer Protocol

   3.  If the line already exists in the file and it is preceded by a
       pound symbol (#), delete the symbol and any spaces before the
       service name to enable the service.

   4.  Save the file and exit the editor program.

Adding TFTP service to the inetd configuration 

The configuration file for inetd determines which installed Internet
Services are available to users.  To add tftpd to your system, you will
need to edit this configuration file, then have inetd re-read the
configuration.  To do so:

   1.  Open the inetd configuration file with a text editor.  You may
       edit the /etc/inetd.conf file from the POSIX shell or the
       INETDCNF.NET.SYS file from MPE/iX, whichever you prefer.  Both
       names point to the same file.

   2.  Verify that the following line exists in the file or add it if it
       does not:

            tftp    dgram udp wait USER.TFTP /SYS/NET/TFTPD tftpd

   3.  If the line already exists in the file and it is preceded by a
       pound symbol (#), delete the symbol and any spaces before the
       service name to enable the service.

   4.  Save the file and exit the editor program.

   5.  Signal inetd to reread the configuration file by entering the
       following command at the CI prompt:

            :INETD.NET.SYS -c 

       Or you may enter this command from the POSIX shell:

            $ /etc/inetd -c

   6.  If you have added tftpd to the inetd configuration file while the
       Internet daemon is not running, you must start inetd to start the
       TFTP server.  To do so, stream the job JINETD.NET.SYS from the CI
       prompt.

            :STREAM JINETD.NET.SYS 

There are two options in the tftpd entry, [user] and [path], which are
explained in the next two sections.  For more detailed information about
editing the configuration file, read "Adding new services to the inetd
configuration" in Chapter 2.

Specifying the TFTP user.     

The Internet daemon runs tftpd as the user specified in the [user]
parameter of its entry in the inetd configuration file.  For example,
this entry instructs inetd to run the TFTP server as USER.TFTP:

     tftp   dgram udp wait USER.TFTP /SYS/NET/TFTPD tftpd

Hewlett-Packard recommends that you run tftpd this way, and that you
use the following steps to create the TFTP account and two user
identifications, USER.TFTP and MGR.TFTP, with the appropriate
capabilities:

   1.  If necessary, log on to the system as MANAGER.SYS or as another
       user that has been assigned SM capability.

   2.  Create the TFTP account by entering the following command at the
       CI prompt:

            :NEWACCT TFTP,MGR;CAP=AM,PH,DS,ND,SF,IA,BA 

   3.  Create the new user of the TFTP account with a home directory of
       TFTPDIR by entering the following command at the CI prompt:

            :NEWUSER USER.TFTP;cap=BA,PH,DS;home=TFTPDIR 

       When a client requests a file, tftpd first looks for it in the
       home group TFTPDIR.

   4.  Create the home directory TFTPDIR by entering the following
       command at the CI prompt:

            :NEWGROUP TFTPDIR 

   5.  Create the new manager of the TFTP account by entering the
       following command at the CI prompt:

            :NEWUSER MGR.TFTP;cap=PH,DS,ND,SF

For security reasons, USER.TFTP is not assigned ND, SF, PM or SM
capabilities.  This way USER.TFTP can be used to run tftpd while
MGR.TFTP, who is assigned these capabilities, can control which files are
placed in the TFTPDIR group.

Specifying a search path.     

As an option, you can use the [path...]  parameter in the inetd
configuration file entry to specify the list of files or directories that
are available to TFTP clients.  For example, if you would like to have
the /tmp and /bin directories available to TFTP clients in addition to
the home group of the TFTP user, edit the line to look like this:

     tftp  dgram  udp wait  USER.TFTP  /SYS/NET/TFTPD tftpd /tmp /bin

When a file is requested by a TFTP client, tftpd first looks for a file
relative to the home directory of the user specified in the inetd
configuration file.  If it does not find the file there, it then checks
to see if the following two conditions are met:

   *   the file requested is at or below [path].

   *   the user specified in the inetd configuration file (in the
       previous examples, USER.TFTP) has access to the file.

When invoked with no path arguments, tftpd cannot follow symbolic links
that refer to paths outside of the home directory of the user specified
in the inetd configuration file.

Permission to retrieve files.

For a remote system to retrieve a file through TFTP, the file must be
readable by the user specified in the inetd configuration file.  For a
remote system to transmit a file through TFTP, the file must already
exist and be writable by the user specified in the inetd configuration
file.
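
A check an administrator can run against copies of the two files once the steps above are done, as an added example that is not part of the HP documentation. It assumes a POSIX shell with awk and mktemp; the function names and the OK/NOTE/WARN wording are invented here, and because the files do not record account capabilities it can only report the configured user name.

```shell
#!/bin/sh
# Added example, not HP code: audit copies of the services file and the inetd
# configuration file against the tftp entries described on this page.

# enabled_line FILE NAME: print the first line that starts in column 1 with
# service NAME. Commented (#) and indented lines do not count as enabled.
enabled_line() {
    awk -v n="$2" '$1 == n && index($0, n) == 1 { print; exit }' "$1"
}

# audit_tftp SERVICES INETD_CONF: one finding per line; returns 1 on any WARN.
audit_tftp() {
    services=$1; conf=$2; rc=0
    port=$(enabled_line "$services" tftp | awk '{ print $2 }')
    if [ "$port" = "69/udp" ]; then
        echo "OK   services: tftp 69/udp is enabled"
    else
        echo "WARN services: no enabled 'tftp 69/udp' line"; rc=1
    fi
    entry=$(enabled_line "$conf" tftp)
    set -f; set -- $entry; set +f        # split fields without globbing
    if [ $# -lt 7 ]; then
        echo "WARN inetd: no enabled, complete tftp line"; return 1
    fi
    user=$(printf '%s' "$5" | tr '[:lower:]' '[:upper:]')
    shift 7                              # what remains is the [path...] list
    case $user in
        USER.TFTP) echo "OK   inetd: tftpd runs as USER.TFTP" ;;
        MANAGER.SYS|MGR.TFTP)
            echo "WARN inetd: $user holds capabilities USER.TFTP lacks"; rc=1 ;;
        *)  echo "NOTE inetd: confirm $user lacks ND, SF, PM and SM" ;;
    esac
    [ $# -eq 0 ] && echo "OK   inetd: no [path] arguments"
    for p in "$@"; do
        case $p in
            /) echo "WARN inetd: [path] / covers every file $user can access"; rc=1 ;;
            *) echo "NOTE inetd: [path] $p is served besides the home group" ;;
        esac
    done
    return $rc
}

# Constructed sample input: this page's services line and its /tmp /bin entry.
t=$(mktemp -d)
printf 'tftp   69/udp   # Trivial File Transfer Protocol\n' > "$t/services"
printf 'tftp  dgram  udp wait  USER.TFTP  /SYS/NET/TFTPD tftpd /tmp /bin\n' > "$t/inetd.conf"
audit_tftp "$t/services" "$t/inetd.conf"
rm -rf "$t"
```

Each NOTE line for a [path] argument is a directory to review, since any file at or below it that the configured user can access is available to TFTP clients.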


