dobriain

inetd.conf

I wish to set up the Linux box to allow both TFTP and FTP in and out.

TFTP --> /opt/local/tftp only both get and put
FTP (proFTPd) --> /opt/local/ftp only both get and put

This is the entry I have tried in inetd.conf

------------------------------------------------------------
tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd -cs /usr/local/tftp  

ftp stream  tcp  nowait  root  /usr/sbin/tcpd  proftpd
------------------------------------------------------------

For TFTP I thought the "-c" option would allow files to be created while the "-s" would change to the /usr/local/tftp automatically.
jlevie

You didn't say which Linux or tftp package you're using. I've got two Unix OS's and three Linux OS's to look at and none of them show a "-c" option for tftpd, so I dunno about that option. The rest of this

The "-s" option places the daemon in secure mode. The directory change to the specified directory must succeed and tftp users aren't then allowed to access files outside of the tftp directory. Naturally this implies that whatever user tftpd runs as (nobody in your case) must have read/write permission to the tftp directory.

Since tftp doesn't have a user authentication mechanism (big security implications), access may only occur to/from files/dirs that are publicly accessible. Read access to the world must be set on files to be downloaded to the client. Files may only be uploaded if the file already exists and is world writable.
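The access rules described in the answer above, as an added example that is not part of the original thread: a shell audit that reports, for each file in a TFTP directory, whether an unauthenticated client could GET it (world-readable) or PUT over it (already exists and is world-writable). The function names are hypothetical, and the script assumes the daemon runs as a user such as nobody that does not own the files, so only the "other" permission bits are checked.

```shell
#!/bin/sh
# Added example: audit a TFTP directory against the classic tftpd rules.
# Assumption: tftpd runs as an unprivileged user that does not own the
# files, so only the "other" (world) permission bits decide access.

# has_other_bit PATH OCTAL -> succeeds if PATH has all the given bits set
has_other_bit() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# tftp_access FILE -> prints get+put, get-only, put-only or none.
# A missing file reports "none": uploads cannot create new files.
tftp_access() {
    get=no; put=no
    if [ ! -f "$1" ] || [ -L "$1" ]; then echo "none"; return 0; fi
    if has_other_bit "$1" 0004; then get=yes; fi
    if has_other_bit "$1" 0002; then put=yes; fi
    case "$get$put" in
        yesyes) echo "get+put" ;;
        yesno)  echo "get-only" ;;
        noyes)  echo "put-only" ;;
        *)      echo "none" ;;
    esac
}

# audit_tftp_root DIR -> directory check plus one line per regular file
audit_tftp_root() {
    dir=$1
    if [ ! -d "$dir" ]; then echo "ERROR: $dir is not a directory"; return 1; fi
    # Without o+x the daemon cannot reach any file inside the directory.
    if ! has_other_bit "$dir" 0001; then
        echo "WARN: $dir is not searchable by others"
    fi
    for f in "$dir"/* "$dir"/.[!.]*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            printf '%-10s %s\n' "$(tftp_access "$f")" "${f##*/}"
        fi
    done
    return 0
}

# Run against a directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_tftp_root "$1"; fi
```

Any file reported as get+put or put-only can be overwritten by anyone who can reach the TFTP port, so the list doubles as an exposure check.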
dobriain

ASKER

tftp dgram  udp wait nobody /usr/sbin/tcpd in.tftpd -s  /usr/local/tftp

I changed the inetd.conf entry as above and -HUP'ed the inetd process. I can tftp files from the Linux box  /usr/local/tftp/ however I cannot tftp to /usr/local/tftp/

This is the permissions set on the /usr/local/tftp directory

drwxrwxrwx   2 root     root         4096 Feb  5 17:11 tftp

ls -la /usr/local/tftp/

drwxrwxrwx   2 root  root  4096 Feb  5 17:11 .
drwxr-xr-x  10 root  root  4096 Feb  1 09:52 ..
-rw-r--r--   1 root  root  63 Feb  5 17:11 .directory
-rw-rw-rw-   1 root  root  0 Feb  5 17:13 BRIDGE
-rw-rw-rw-   1 root  root  0 Feb  5 17:10 ob      


 
Just trying to clarify... When you're trying to upload you're doing a "put BRIDGE" and it fails. It might be helpful to know which Linux and tftpd you're using and what client.
I am using SuSE Linux 6.3 and the client is actually a 3COM NETBuilder router. The process I am using on the router works fine with a simple TFTP server on a Windows 95 machine

command on the EOS running on the NETBuilder is

copy a:/primary/<file> <IP address>:/usr/local/tftp/<file>

i.e.

copy a:/primary/BRIDGE 192.168.200.2:/usr/local/tftp/BRIDGE
Note doing a TFTP PUT locally doesn't work either

bash-2.03# tftp 192.168.200.2
tftp> put services /usr/local/tftp/ob  
The failure of the command to work locally seems particularly significant. Can you do a get locally?

Using RedHat 6.1 and "Linux netkit-tftp 0.15", I've just set up a tftp server using your inetd.conf line without the "-s" line as it's not needed in that version. I can get/put files subject to the standard tftp rules without any problems, both locally and remotely.

Is there anything interesting in /var/log/messages (or wherever SuSE stores syslog output)?

Yes I can do a GET locally

tftp> get /usr/local/tftp/ob.ob test3

Associated /var/log/messages entry

Feb  5 20:01:51 riomhaire in.tftpd[883]: connect from 127.0.0.1

tftp> put test3 /usr/local/tftp/ob.ob

Associated /var/log/messages entry

Feb  5 20:04:29 riomhaire in.tftpd[891]: connect from 127.0.0.1

However TFTP simply hangs without doing the transfer.

GET from the NETBuilder

NETBuilder # copy 192.168.200.2:/usr/local/tftp/ob.ob  a:/PRIMARY/TEST2.ob2  

Copying 192.168.200.2:/usr/local/tftp/ob.ob to a:/PRIMARY/TEST2.ob2            
                                                                               
0 bytes received. File transfer complete.

PUT from NETBuilder

 NETBuilder # copy a:/PRIMARY/OB2.OB2 192.168.200.2:/usr/local/tftp/ob.ob    

Copying a:/PRIMARY/OB2.OB2 to 192.168.200.2:/usr/local/tftp/ob.ob              

TFTP: Server is not responding.  

And the file ob.ob does exist on the server

drwsrwsrwx   2 nobody   nogroup      4096 Feb  5 19:18 .
drwxr-xr-x  10 root     root         4096 Feb  1 09:52 ..
-rw-rw-rw-   1 root     root            0 Feb  5 20:07 ob.ob  

     
Wow, what an interesting problem...

My feeling at this point, based on the behaviour when doing local gets/puts, is that your tftpd might be broken. Getting a "permission denied" would point to a lack of write privs to the file, but a hang shouldn't ever happen.

Although it really shouldn't matter, the only things I can think of to suggest at this point, short of installing a different tftpd, would be:

1) Move the tftp dir to the root of the filesystem, /tftp or /tftpboot comes to mind.

2) Change the userid in the inetd.conf from nobody to root.

If neither of those ideas work, and I don't really have any expectation that they will, I'd download a "known good" tftpd, either source & build it, or a binary, and try that.
They didn't, where can I download one from ???
The source rpm for Linux netkit-tftp 0.15 can be found at: ftp://download.sourceforge.net/pub/linux/distributions/redhat/redhat/redhat-6.1/SRPMS/SRPMS/

Or at just about any other RedHat Mirror. It's a pretty vanilla app, so it shouldn't matter which Linux it's used on. Just get the .tar.gz out of the rpm, untar that and cd to the dir, "source configure" and make. Save your existing tftpd which I think is in /usr/sbin and copy the tftpd executable (./tftpp/tftpd) to /usr/sbin/in.tftpd. Then remove the "-s" flag from inetd.conf, HUP inetd, and try it.

I actually found a really good one which is pretty easy to configure at

http://www.ohse.de/uwe/software/utftpd.html

It works fine for what I want to do.

Thanks,

Diarmuid
How do I give you the points ?
ASKER CERTIFIED SOLUTION
jlevie
