Problem with tftp server

Jerry Geis jerry.geis at gmail.com
Sun Jan 30 00:14:38 UTC 2022


On Sat, Jan 29, 2022 at 6:51 PM R C <cjvijf at gmail.com> wrote:

>
> On 1/29/22 16:34, Jerry Geis wrote:
>
>
>
> On Sat, Jan 29, 2022 at 5:32 PM R C <cjvijf at gmail.com> wrote:
>
>>
>> On 1/29/22 15:01, Jerry Geis wrote:
>>
>>
>>
>> On Sat, Jan 29, 2022 at 1:41 PM R C <cjvijf at gmail.com> wrote:
>>
>>>
>>> On 1/29/22 08:10, Jerry Geis wrote:
>>>
>>>
>>>
>>> On Fri, Jan 28, 2022 at 5:24 PM R C <cjvijf at gmail.com> wrote:
>>>
>>>>
>>>> On 1/28/22 15:07, Tommy Trussell wrote:
>>>>
>>>> On Fri, Jan 28, 2022 at 12:26 PM Jerry Geis <jerry.geis at gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Thu, Jan 27, 2022 at 11:03 PM Tommy Trussell <
>>>>> tommy.trussell at gmail.com> wrote:
>>>>>
>>>>>>
>>>>>> I have not used tftp in awhile, but have you checked the permissions
>>>>>> on the file "jerry" in /tftpboot ? The file may be invisible to the daemon
>>>>>> due to the wrong group or file permissions.
>>>>>>
>>>>>> You might also try to put a different file onto the server using tftp
>>>>>> and see what permissions the resulting file has.
>>>>>>
>>>>>> The man page for your version of tftpd will likely contain some
>>>>>> useful information.
>>>>>>
>>>>>>
>>>>>> Hi Tommy,
>>>>>
>>>>> The file has permission:
>>>>> -rw-r--r-- 1 root    root         8 Nov 21 20:11 jerry
>>>>>
>>>>> The directory has:
>>>>> drwxrwxrwx   2 root root      12288 Nov 21 20:11 tftpboot
>>>>>
>>>>
>>>> How do you start the tftp service/server?   If not mistaken, by default
>>>> it expects the tftpboot directory in /var/lib (/var/lib/tftpboot)  when you
>>>> start the server/service  the -s option tells it where to find its root
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> Seems like that should be readable by all?
>>>>>
>>>>> Thanks
>>>>> Jerry
>>>>>
>>>>
>>>> I was under the impression that most implementations of tftp are very
>>>> picky about the permissions and I would think they would NOT share any
>>>> files owned by root.
>>>>
>>>> For example see if there's a tftp group already created and maybe chown
>>>> the file (and maybe its directory) to tftp:tftp ?
>>>>
>>>> Does the man page for your version of tftpd say anything about the
>>>> default permissions?
>>>>
>>>> Also I suggested you try using a client to put a file in the server's
>>>> directory. What permissions does it give that file? I would think it might
>>>> be the same permissions needed for reading a file.
>>>>
>>>> If you can't tell I'm stabbing in the dark but suggesting how I would
>>>> go about it. I ALWAYS start with the man page. The information might be
>>>> inscrutable, but there's usually some nugget of information that gets me
>>>> closer to understanding.
>>>>
>>>> --
>>>> ubuntu-users mailing list
>>>> ubuntu-users at lists.ubuntu.com
>>>> Modify settings or unsubscribe at:
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>
>>>
>>>
>>> hi All,
>>>
>>> I am starting the tftpd by xinetd.
>>>
>>>  more /etc/xinetd.d/tftp
>>> # default: off
>>> # description: The tftp server serves files using the trivial file transfer \
>>> # protocol.  The tftp protocol is often used to boot diskless \
>>> # workstations, download configuration files to network-aware printers, \
>>> # and to start the installation process for some operating systems.
>>> service tftp
>>> {
>>> socket_type = dgram
>>> protocol = udp
>>> wait = yes
>>> user = root
>>> server = /usr/sbin/in.tftpd
>>> server_args = -s /tftpboot
>>> disable = no
>>>
>>>
>>> I have disabled = yes    I never paid attention to that
>>>
>>> I use tftp for  configuring cisco switches and routers.  I recall having
>>> a permissions issue.  But I first set everything up, in separate
>>> subdirectories,  then restarted  the service and it 'just' started working.
>>>
>>> this is what I have (it's a RHEL/Centos box though, it still (Centos 7
>>> and RHEL 8)
>>>
>>>
>>> service tftp
>>> {
>>>     socket_type        = dgram
>>>     protocol        = udp
>>>     wait            = yes
>>>     user            = root
>>>     server            = /usr/sbin/in.tftpd
>>>     server_args        = -s /var/lib/tftpboot
>>>     disable            = yes
>>>     per_source        = 11
>>>     cps            = 100 2
>>>     flags            = IPv4
>>> }
>>> # ls -al /var/lib/tftpboot/
>>> total 4
>>> drwxr-xr-x   4 root root   33 Oct  1  2020 .
>>> drwxr-xr-x. 38 root root 4096 Feb 13  2021 ..
>>> drwxr-xr-x   4 root root   30 Oct  1  2020 backups
>>> drwxr-xr-x   2 root root  291 Jul  4  2021 dhcp
>>>
>>> # ls -al /var/lib/tftpboot/dhcp/static-bindings-hw-1
>>> -rw-r--r-- 1 root root 3017 Jul  4  2021 /var/lib/tftpboot/dhcp/static-bindings-hw-1
>>>
>>>
>>> that works on both machines.
>>>
>>>
>>> Does it work with the firewall stopped?
>>>
>>>
>>>
>>> per_source = 11
>>> cps = 100 2
>>> flags = IPv4
>>> }
>>>
>>>
>>>
>>> I tried to "put" a file - and same thing happens that I get a timeout...
>>> (good thought).
>>>
>>> I also tried to change the permissions to be non-root - no difference.
>>> Still Timeout.
>>>
>>> I looked at the man page for tftpd. nothing there about permissions and
>>> nothing there other than option -n and -s .
>>>
>>> Thoughts?
>>>
>>> Jerry
>>>
>>>
>>
>> So on CentOS I have no problem with tftpd... I use xinetd the same way
>> and it works.
>>
>>
>> I tried to disable the firewalld "systemctl stop firewalld" and made no
>> difference.
>>
>> Jerry
>>
>>
>> on the centos box you have selinux running?  and on the ubuntu one
>> apparmor or selinux?
>>
>>
>> I am wondering if it is actually listening on the interface you're trying
>> to connect to, what does netstat say?  (netstat -una | 69 or so, I believe
>> it shows what address it is listening on)
>>
>> can you connect with a tftpclient, on the same box, to  the address of
>> that interface?  you should be able to connect to that address (as well as
>> to localhost/127.0.0.0)
>>
>> Ron
>
>
>
> Hello -
>
> netstat -una | grep 69
> udp        0      0 0.0.0.0:69              0.0.0.0:*
>
> selinux is not installed
>
> apparmor module is loaded.
>
> 37 profiles are loaded.
> 37 profiles are in enforce mode.
>
> yes locally the tftp works - it's external it does not.
>
> it looks like it is listening on all interfaces, and I assume with
> 'locally tftp works' you mean all network interfaces on the box.
>
> can you temporarily stop apparmor, and see what happens? (or temporarily both
> the firewall and apparmor)?
>
>
>
> Jerry
>
>



I did:
systemctl stop apparmor
systemctl stop firewalld

did :
tftp 10.x.x.x
get jerry
and get the file right away.

login into a different computer
tftp 10.x.x.x
get jerry
and timeout

Thanks

Jerry
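
Added example, not part of the original message or of any tftpd package: a small Python probe that sends one TFTP read request (RFC 1350) and reports whether the server answered with DATA, answered with an ERROR packet, or never answered at all. It separates the two explanations raised in the thread, since a permissions problem produces an ERROR reply while a dropped packet produces a timeout. The function names are hypothetical and the sample packets are constructed.

```python
import socket
import struct

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # opcodes from RFC 1350

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def classify_reply(packet):
    """Turn a raw server reply into (kind, detail)."""
    if len(packet) < 4:
        return ("malformed", "")
    opcode, value = struct.unpack("!HH", packet[:4])
    if opcode == OP_DATA:
        return ("data", f"block {value}, {len(packet) - 4} bytes")
    if opcode == OP_ERROR:
        # Error codes 1 (file not found) and 2 (access violation) are the
        # ones a path or permissions problem would produce.
        msg = packet[4:].split(b"\0", 1)[0].decode(errors="replace")
        return ("error", f"code {value}: {msg}")
    return ("other", f"opcode {opcode}")

def probe(host, filename, port=69, timeout=3.0):
    """Send one RRQ and classify the first reply. No ACK is sent, so the
    server simply abandons the transfer after its own retries."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_rrq(filename), (host, port))
        try:
            # Per RFC 1350 the reply comes from a new server-chosen port,
            # not from port 69, so the source port is reported as well.
            packet, (addr, sport) = s.recvfrom(65536)
        except socket.timeout:
            return ("timeout", "no reply reached this host")
        kind, detail = classify_reply(packet)
        return (kind, f"{detail} (reply from {addr}:{sport})")

if __name__ == "__main__":
    # Constructed sample replies, so the parser can be exercised offline.
    print(classify_reply(b"\x00\x05\x00\x02Access violation\x00"))
    print(classify_reply(b"\x00\x03\x00\x01jerry123"))
    # Against a real server: print(probe("<server address>", "jerry"))
```

Run from the remote client, a `timeout` result means the request or the reply is being lost in transit, while an `error` result means the daemon was reached and refused the file.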