Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!Firewall!uunet!mcsun!cernvax!chx400!bernina!prl
From: prl@iis.ethz.ch (Peter Lamb)
Newsgroups: comp.dcom.sys.cisco
Subject: Re: tftp load problem, sts10
Keywords: sts10 tftp
Message-ID:
Date: 14 Jun 91 09:41:09 GMT
References: <2185@kgw2.XETRON.COM>
Sender: news@bernina.ethz.ch (USENET News System)
Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
Lines: 63
Nntp-Posting-Host: etzj-gw

todd@Quotron.COM (Todd Booth) writes:

>A common mistake is not to enable tftp in /etc/inet.conf
>which should read something like the following

>tftp dgram udp wait bin /etc/tftpd tftpd

>Be sure and wake up inetd to this fact - kill -1 ...

If you are on a machine which is reachable from the Internet,
and don't have shadow password files, this donates /etc/passwd to
anyone who wants it.

On SunOS, a better idea is:

    tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot

which does a chroot to /tftpboot on startup. Remember that this
changes the client's view of the filesystem.

If your tftp daemon doesn't have this, then you can use the wrapper
program:

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    /* chroot into the directory named in argv[1], then exec tftpd */
    int
    main(int argc, char **argv)
    {
        if (argc != 2) {
            fprintf(stderr, "Usage: %s directory\n", argv[0]);
            exit(1);
        }
        /* chdir first so the working directory lies inside the new root */
        if (chdir(argv[1]) < 0) {
            perror(argv[1]);
            exit(1);
        }
        if (chroot(".") < 0) {
            perror(argv[1]);
            exit(1);
        }
        /* resolved inside the new root, i.e. <directory>/etc/tftpd */
        execl("/etc/tftpd", "tftpd", (char *)0);
        perror("/etc/tftpd");
        exit(1);
    }

Install this as /etc/tftpd.chroot, or similar, copy /etc/tftpd
to /tftpboot/etc/tftpd (remember that the chroot() changes the program's
view of the filesystem), do chmod 700 /tftpboot/etc/tftpd, and use

    tftp dgram udp wait bin /etc/tftpd.chroot tftpd /tftpboot

in inetd.conf.

Naturally, you can also use directories other than /tftpboot. Remember that
the directory named will appear to be "/" to any clients.

-- 
Peter Lamb
uucp:  uunet!mcsun!ethz!prl    eunet: prl@iis.ethz.ch    Tel: +411 256 5241
Integrated Systems Laboratory
ETH-Zentrum, 8092 Zurich
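
An audit of inetd.conf for the three tftp configurations discussed in this post, as an added example that is not part of the original post. The `wrappers` parameter (server paths the administrator knows to be chroot wrappers) and the status names are assumptions of this example; the sample lines are constructed from the ones quoted above.

```python
# Added example: flag enabled tftp entries in inetd.conf that are not confined.
# inetd.conf fields: service, socket type, protocol, wait flag, user,
# server path, then the argv handed to the server (argv[0] is its name).

# Constructed sample built from the three configurations in the post.
SAMPLE = """\
# constructed sample inetd.conf
tftp dgram udp wait bin /etc/tftpd tftpd
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot
tftp dgram udp wait bin /etc/tftpd.chroot tftpd /tftpboot
#tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd
"""


def classify(server, args, wrappers):
    """Return (root_dir, status) for one tftp entry."""
    if "-s" in args:
        rest = args[args.index("-s") + 1:]
        if not rest:
            # -s without a directory: the daemon's built-in default applies,
            # which this script cannot know, so ask for a manual check.
            return None, "review"
        root = rest[0]
    elif server in wrappers and args:
        # Wrapper form from the post: the directory is the wrapper's argv[1].
        root = args[0]
    else:
        return None, "exposed"
    # A chroot to "/" confines nothing.
    return root, ("exposed" if root == "/" else "confined")


def audit_tftp(conf_text, wrappers=()):
    """Return one finding per enabled tftp entry in inetd.conf text."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # commented-out entries are off
        if len(fields) < 6 or fields[0] != "tftp":
            continue
        user, server, argv = fields[4], fields[5], fields[6:]
        root, status = classify(server, argv[1:], wrappers)
        findings.append({"line": lineno, "user": user, "server": server,
                         "root": root, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_tftp(SAMPLE, wrappers={"/etc/tftpd.chroot"}):
        print("line %(line)d: %(status)s root=%(root)s user=%(user)s" % f)
```

Without a `wrappers` entry the third sample line is reported as exposed, since the script cannot tell from the path alone that the program calls chroot().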