DaZZa wrote:
Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody
Perhaps you need to pass the user and group in parameters
to in.tftpd rather than as parameters to xinetd. See the -u
parameter and the manual page in.tftpd(8), which says:
-u username
Specify the username which tftpd will run as; the
default is "nobody". The user ID, group ID, and (if
possible on the platform) the supplementary group IDs
will be set to the ones specified in the system
permission database for this username.
which implies that without -u the daemon will run as the
"nobody" user.
I'm not sure in.tftpd could even bind to the listening port
unless it starts as the root user.
If you are running a recent Linux (with IPv6 support)
you may also need to ensure that xinetd doesn't try to
bind the IPv4-only TFTP protocol to a IPv6 socket.
See the "flags" parameter in xinetd.conf(5).
An example from a running TFTP server is:
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
On my distro xinetd also references TCP Wrappers, so /etc/hosts.allow
says
in.tftpd: ALL
On my distro a firewall also exists and a iptables rule had to be added
for the TFTP protocol (which runs over UDP). That requires the tftp connection
tracking module nf_conntrack_tftp to be installed so that RELATED rules can
be matched.
--
Glen Turner <http://www.gdt.id.au/~gdt/>
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
