[SLUG] TFTP server problems.

2008-09-24 Thread DaZZa
Folks.

Distro is OpenSUSE 11, X64

I'm trying to get a box to allow inbound tftp connections. As far as I
can tell, the config is right for xinet.d. Config file is as follows

service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = jffnms
    group       = www
    server      = /usr/sbin/in.tftpd
    server_args = -s /opt/jffnms/tftpd/
}

However, every time I try to connect to the tftp service, I get the
following error in my logs

Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody

I think this means the service is trying to run as user nobody -
despite the config file telling it to run as another user.

Anyone got any clue why? Or can point out what I've stuffed up?

TIA

DaZZa
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] TFTP server problems.

2008-09-24 Thread Henare Degan
On Wed, Sep 24, 2008 at 09:18, DaZZa <[EMAIL PROTECTED]> wrote:
>
> Folks.
>
> Distro is OpenSUSE 11, X64
>
> I'm trying to get a box to allow inbound tftp connections. As far as I
> can tell, the config is right for xinet.d. Config file is as follows
>
> service tftp
> {
>     socket_type = dgram
>     protocol    = udp
>     wait        = yes
>     user        = jffnms
>     group       = www
>     server      = /usr/sbin/in.tftpd
>     server_args = -s /opt/jffnms/tftpd/
> }
>
> However, every time I try to connect to the tftp service, I get the
> following error in my logs
>
> Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody
>
> I think this means the service is trying to run as user nobody -
> despite the config file telling it to run as another user.
>
> Anyone got any clue why? Or can point out what I've stuffed up?
>
> TIA
>
> DaZZa

Hi DaZZa,

Are you using YaST2 to configure this? (i.e. the TFTP and/or the
xinetd YaST modules) I ask because YaST is liable to overwrite the
config if you manually update /etc/xinetd.d/tftp and YaST reruns.

You should be in 'just works' territory if you're using YaST.

Cheers,

h


Re: [SLUG] TFTP server problems.

2008-09-24 Thread Henare Degan
On Thu, Sep 25, 2008 at 16:15, DaZZa <[EMAIL PROTECTED]> wrote:
> I don't even know what that error means - I can only assume it's
> telling me that the in.tftpd process is running as user "nobody"
> despite me telling it to run as jffnms - but I'm not even 100% sure of
> that.
>
> DaZZa
>

Odd. Apparently that problem is all over Google like a mad
penguin's... you know the rest.

This thread[0] suggests that tftpd cannot run as an arbitrary user
(without providing a reason), have you tried keeping the defaults? (of
running as root AFAIK).

h

[0] http://ubuntuforums.org/showthread.php?t=339130


Re: [SLUG] TFTP server problems.

2008-09-24 Thread Glen Turner

DaZZa wrote:
> Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody


Perhaps you need to pass the user and group in parameters
to in.tftpd rather than as parameters to xinetd. See the -u
parameter and the manual page in.tftpd(8), which says:

    -u username
        Specify the username which tftpd will run as; the
        default is "nobody". The user ID, group ID, and (if
        possible on the platform) the supplementary group IDs
        will be set to the ones specified in the system
        permission database for this username.

which implies that without -u the daemon will run as the
"nobody" user.

I'm not sure in.tftpd could even bind to the listening port
unless it starts as the root user.

If you are running a recent Linux (with IPv6 support)
you may also need to ensure that xinetd doesn't try to
bind the IPv4-only TFTP protocol to an IPv6 socket.
See the "flags" parameter in xinetd.conf(5).

An example from a running TFTP server is:

service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
    disable     = no
    per_source  = 11
    cps         = 100 2
    flags       = IPv4
}

On my distro xinetd also references TCP Wrappers, so /etc/hosts.allow
says
  in.tftpd: ALL

On my distro a firewall also exists and an iptables rule had to be added
for the TFTP protocol (which runs over UDP). That requires the tftp connection
tracking module nf_conntrack_tftp to be installed so that RELATED rules can
be matched.

--
 Glen Turner   
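
Added example (not part of the original thread, and not code from xinetd or in.tftpd): a small Python check that parses an xinetd tftp stanza and reports the privilege-drop mistakes described in the message above. The function names and finding codes are hypothetical; the sample stanzas are the two posted in the thread, with the rate-limit lines of the working one left out.

```python
import re
import shlex

# Constructed inputs: the two stanzas from the thread (working one abridged).
BROKEN = """service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = jffnms
    group       = www
    server      = /usr/sbin/in.tftpd
    server_args = -s /opt/jffnms/tftpd/
}"""
WORKING = """service tftp
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
    flags       = IPv4
}"""

def parse_service(text):
    """Return the attributes of the first xinetd `service` stanza as a dict."""
    body = re.search(r"service\s+\S+\s*\{(.*?)\}", text, re.S)
    if body is None:
        raise ValueError("no service stanza found")
    attrs = {}
    for line in body.group(1).splitlines():
        m = re.match(r"\s*(\w+)\s*[+-]?=\s*(.*?)\s*$", line)  # =, += or -=
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def lint_tftp(text):
    """Return finding codes for the privilege-drop mistakes discussed above."""
    attrs = parse_service(text)
    args = shlex.split(attrs.get("server_args", ""))
    findings = []
    if attrs.get("user", "root") != "root":
        # Started unprivileged, in.tftpd cannot set the uid/gids of its run-as user.
        findings.append("XINETD_USER_NOT_ROOT")
    if "-u" not in args:
        # Per in.tftpd(8), without -u the daemon runs as "nobody".
        findings.append("TFTPD_DEFAULT_USER_NOBODY")
    if "IPv4" not in attrs.get("flags", "").split():
        findings.append("NO_IPV4_FLAG")  # advisory only, see xinetd.conf(5)
    return findings

if __name__ == "__main__":
    print("broken :", lint_tftp(BROKEN))
    print("working:", lint_tftp(WORKING))
```

The first two findings together correspond to the logged "cannot set groups for user nobody" error: the daemon starts as jffnms and then tries to become nobody.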


Re: [SLUG] TFTP server problems.

2008-09-30 Thread DaZZa
On Thu, Sep 25, 2008 at 4:43 PM, Glen Turner <[EMAIL PROTECTED]> wrote:
> service tftp
> {
>     socket_type = dgram
>     protocol    = udp
>     wait        = yes
>     user        = root
>     server      = /usr/sbin/in.tftpd
>     server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
>     disable     = no
>     per_source  = 11
>     cps         = 100 2
>     flags       = IPv4
> }

That seems to have been the issue. I was changing the "user ="
parameter in the tftp config file for xinetd - however, I had to set
that back to root and pass the -u parameter in the server args.

Once I did that, lo and behold, it worked.

Thanks for the push in the right direction.

DaZZa