Problem with tftp server

R C cjvijf at gmail.com
Sat Jan 29 23:49:36 UTC 2022


On 1/29/22 16:34, Jerry Geis wrote:
>
>
> On Sat, Jan 29, 2022 at 5:32 PM R C <cjvijf at gmail.com> wrote:
>
>
>     On 1/29/22 15:01, Jerry Geis wrote:
>>
>>
>>     On Sat, Jan 29, 2022 at 1:41 PM R C <cjvijf at gmail.com> wrote:
>>
>>
>>         On 1/29/22 08:10, Jerry Geis wrote:
>>>
>>>
>>>         On Fri, Jan 28, 2022 at 5:24 PM R C <cjvijf at gmail.com> wrote:
>>>
>>>
>>>             On 1/28/22 15:07, Tommy Trussell wrote:
>>>>             On Fri, Jan 28, 2022 at 12:26 PM Jerry Geis
>>>>             <jerry.geis at gmail.com> wrote:
>>>>
>>>>
>>>>
>>>>                 On Thu, Jan 27, 2022 at 11:03 PM Tommy Trussell
>>>>                 <tommy.trussell at gmail.com> wrote:
>>>>
>>>>
>>>>                     I have not used tftp in awhile, but have you
>>>>                     checked the permissions on the file "jerry" in
>>>>                     /tftpboot ? The file may be invisible to the
>>>>                     daemon due to the wrong group or file permissions.
>>>>
>>>>                     You might also try to put a different file onto
>>>>                     the server using tftp and see what permissions
>>>>                     the resulting file has.
>>>>
>>>>                     The man page for your version of tftpd will
>>>>                     likely contain some useful information.
>>>>
>>>>
>>>>                 HI Tommy,
>>>>
>>>>                 The file has permission:
>>>>                 -rw-r--r-- 1 root    root         8 Nov 21 20:11 jerry
>>>>
>>>>                 The directory has:
>>>>                 drwxrwxrwx   2 root root      12288 Nov 21 20:11
>>>>                 tftpboot
>>>>
>>>
>>>             How do you start the tftp service/server?   If not
>>>             mistaken, by default it expects the tftpboot directory
>>>             in /var/lib (/var/lib/tftpboot)  when you start the
>>>             server/service  the -s option tells it where to find
>>>             its root
>>>
>>>
>>>
>>>
>>>>
>>>>                 Seems like that should be readable by all?
>>>>
>>>>                 Thanks
>>>>                 Jerry
>>>>
>>>>
>>>>             I was under the impression that most implementations of
>>>>             tftp are very picky about the permissions and I would
>>>>             think they would NOT share any files owned by root.
>>>>
>>>>             For example see if there's a tftp group already created
>>>>             and maybe chown the file (and maybe its directory) to
>>>>             tftp:tftp ?
>>>>
>>>>             Does the man page for your version of tftpd say
>>>>             anything about the default permissions?
>>>>
>>>>             Also I suggested you try using a client to put a file
>>>>             in the server's directory. What permissions does it
>>>>             give that file? I would think it might be the same
>>>>             permissions needed for reading a file.
>>>>
>>>>             If you can't tell I'm stabbing in the dark but
>>>>             suggesting how I would go about it. I ALWAYS start with
>>>>             the man page. The information might be inscrutable, but
>>>>             there's usually some nugget of information that gets me
>>>>             closer to understanding.
>>>>
>>>             -- 
>>>             ubuntu-users mailing list
>>>             ubuntu-users at lists.ubuntu.com
>>>             Modify settings or unsubscribe at:
>>>             https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>
>>>
>>>
>>>         hi All,
>>>
>>>         I am starting the tftpd by xinetd.
>>>
>>>          more /etc/xinetd.d/tftp
>>>         # default: off
>>>         # description: The tftp server serves files using the
>>>         trivial file transfer \
>>>         # protocol.  The tftp protocol is often used to boot diskless \
>>>         # workstations, download configuration files to
>>>         network-aware printers, \
>>>         # and to start the installation process for some operating
>>>         systems.
>>>         service tftp
>>>         {
>>>         socket_type = dgram
>>>         protocol = udp
>>>         wait = yes
>>>         user = root
>>>         server = /usr/sbin/in.tftpd
>>>         server_args = -s /tftpboot
>>>         disable = no
>>
>>
>>         I have disabled = yes    I never paid attention to that
>>
>>         I use tftp for  configuring cisco switches and routers.  I
>>         recall having a permissions issue.  But I first set
>>         everything up, in separate subdirectories,  then restarted 
>>         the service and it 'just' started working.
>>
>>         this is what I have (it's a RHEL/Centos box though, it still
>>         (Centos 7 and RHEL 8)
>>
>>
>>         service tftp
>>         {
>>             socket_type        = dgram
>>             protocol        = udp
>>             wait            = yes
>>             user            = root
>>             server            = /usr/sbin/in.tftpd
>>             server_args        = -s /var/lib/tftpboot
>>             disable            = yes
>>             per_source        = 11
>>             cps            = 100 2
>>             flags            = IPv4
>>         }
>>
>>         # ls -al /var/lib/tftpboot/
>>         total 4
>>         drwxr-xr-x   4 root root   33 Oct  1  2020 .
>>         drwxr-xr-x. 38 root root 4096 Feb 13  2021 ..
>>         drwxr-xr-x   4 root root   30 Oct  1  2020 backups
>>         drwxr-xr-x   2 root root  291 Jul  4  2021 dhcp
>>
>>         # ls -al /var/lib/tftpboot/dhcp/static-bindings-hw-1
>>         -rw-r--r-- 1 root root 3017 Jul  4  2021
>>         /var/lib/tftpboot/dhcp/static-bindings-hw-1
>>
>>
>>         that works on both machines.
>>
>>
>>         Does it work with the firewall stopped?
>>
>>
>>
>>>         per_source = 11
>>>         cps = 100 2
>>>         flags = IPv4
>>>         }
>>>
>>>
>>>
>>>         I tried to "put" a file - and same thing happens that I get
>>>         a timeout... (good thought).
>>>
>>>         I also tried to change the permissions to be non-root - no
>>>         difference. Still Timeout.
>>>
>>>         I looked at the man page for tftpd. nothing there about
>>>         permissions and nothing there other than option -n and -s .
>>>
>>>         Thoughts?
>>>
>>>         Jerry
>>
>>
>>
>>     So on CentOS I have no problem with tftpd... I use xinetd the
>>     same way and it works.
>>
>>
>>     I tried to disable the firewalld "systemctl stop firewalld" and
>>     made no difference.
>>
>>     Jerry
>
>
>     on the centos box you have selinux running?  and on the ubuntu one
>     apparmor or selinux?
>
>
>     I am wondering if it is actually listening on the interface you're
>     trying to connect to, what does netstat say?  (netstat -una | grep 69
>     or so, I believe it shows what address it is listening on)
>
>     can you connect with a tftpclient, on the same box, to the address
>     of that interface?  you should be able to connect to that address
>     (as well as to localhost/127.0.0.0)
>
>     Ron
>
>
>
>
> Hello -
>
> netstat -una | grep 69
>
> udp        0      0 0.0.0.0:69              0.0.0.0:*
>
> selinux is not installed
>
> apparmor module is loaded.
>
> 37 profiles are loaded.
>
> 37 profiles are in enforce mode.
>
> yes locally the tftp works - its external it does not.

it looks like it is listening on all interfaces, and I assume with 
'locally tftp works' you mean all network interfaces on the box.

can you temporarily stop apparmor, and see what happens? (or temporarily 
both the firewall and apparmor)?


>
> Jerry
>
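
An added example, not part of the original thread: the listening check above uses `netstat -una | grep 69`, which also matches any line that merely contains "69" (another port, an address octet). The sketch below matches the UDP port exactly and labels each binding as wildcard, loopback-only, or a single address; the function names and the sample `netstat` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify UDP bindings for one port from `netstat -una` text.

# udp_bindings PORT   (reads `netstat -una` output on stdin)
# Prints one line per matching socket: "<local-address> <scope>"
udp_bindings() {
    awk -v port="$1" '
        $1 ~ /^udp6?$/ {
            la = $4                              # Local Address column
            n = split(la, parts, ":")
            if (parts[n] != port) next           # exact port, not a substring
            # Strip ":<port>" to leave the bound address (works for IPv6 too)
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"
            else
                scope = "single-address"
            print addr, scope
        }'
}

# Constructed sample output; only the first and last sockets are port 69.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 192.168.1.69:123        0.0.0.0:*
udp        0      0 0.0.0.0:6969            0.0.0.0:*
udp6       0      0 :::69                   :::*
EOF
}

sample_netstat | udp_bindings 69
```

On a live host the same function can be fed with `netstat -una | udp_bindings 69`. A result of `all-interfaces` means the daemon's bind address is not what limits it to local clients, so filtering between client and server is the next thing to check.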