Discussion:
TFTP server problems.
DaZZa
2008-09-23 23:18:04 UTC
Folks.

Distro is OpenSUSE 11, X64

I'm trying to get a box to allow inbound tftp connections. As far as I
can tell, the config is right for xinetd. Config file is as follows:

service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = jffnms
    group = www
    server = /usr/sbin/in.tftpd
    server_args = -s /opt/jffnms/tftpd/
}

However, every time I try to connect to the tftp service, I get the
following error in my logs

Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody

I think this means the service is trying to run as user nobody -
despite the config file telling it to run as another user.

Anyone got any clue why? Or can point out what I've stuffed up?

TIA

DaZZa
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Henare Degan
2008-09-25 06:11:44 UTC
Post by DaZZa
Folks.
Distro is OpenSUSE 11, X64
I'm trying to get a box to allow inbound tftp connections. As far as I
can tell, the config is right for xinetd. Config file is as follows:
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = jffnms
    group = www
    server = /usr/sbin/in.tftpd
    server_args = -s /opt/jffnms/tftpd/
}
However, every time I try to connect to the tftp service, I get the
following error in my logs
Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody
I think this means the service is trying to run as user nobody -
despite the config file telling it to run as another user.
Anyone got any clue why? Or can point out what I've stuffed up?
TIA
DaZZa
Hi DaZZa,

Are you using YaST2 to configure this? (i.e. the TFTP and/or the
xinetd YaST modules) I ask because YaST is liable to overwrite the
config if you manually update /etc/xinetd.d/tftp and YaST reruns.

You should be in 'just works' territory if you're using YaST.

Cheers,

h
Henare Degan
2008-09-25 06:24:35 UTC
I don't even know what that error means - I can only assume it's
telling me that the in.tftpd process is running as user "nobody"
despite me telling it to run as jffnms - but I'm not even 100% sure of
that.
DaZZa
Odd. Apparently that problem is all over Google like a mad
penguin's... you know the rest.

This thread[0] suggests that tftpd cannot run as an arbitrary user
(without providing a reason), have you tried keeping the defaults? (of
running as root AFAIK).

h

[0] http://ubuntuforums.org/showthread.php?t=339130
Glen Turner
2008-09-25 06:43:45 UTC
Post by DaZZa
Sep 24 09:18:03 fred in.tftpd[29931]: cannot set groups for user nobody
Perhaps you need to pass the user and group in parameters
to in.tftpd rather than as parameters to xinetd. See the -u
parameter and the manual page in.tftpd(8), which says:

    -u username
        Specify the username which tftpd will run as; the
        default is "nobody". The user ID, group ID, and (if
        possible on the platform) the supplementary group IDs
        will be set to the ones specified in the system
        permission database for this username.

which implies that without -u the daemon will run as the
"nobody" user.

I'm not sure in.tftpd could even bind to the listening port
unless it starts as the root user.

If you are running a recent Linux (with IPv6 support)
you may also need to ensure that xinetd doesn't try to
bind the IPv4-only TFTP protocol to an IPv6 socket.
See the "flags" parameter in xinetd.conf(5).

An example from a running TFTP server is:

service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
    disable = no
    per_source = 11
    cps = 100 2
    flags = IPv4
}

On my distro xinetd also references TCP Wrappers, so /etc/hosts.allow
says:

    in.tftpd: ALL

On my distro a firewall also exists and an iptables rule had to be added
for the TFTP protocol (which runs over UDP). That requires the tftp connection
tracking module nf_conntrack_tftp to be installed so that RELATED rules can
be matched.
--
Glen Turner <http://www.gdt.id.au/~gdt/>
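
An added example, not part of the original thread: a small Python check of an xinetd tftp stanza for the two problems the message above describes (in.tftpd not started as root, so it cannot switch to its -u user, and a missing IPv4 flag). The function names and finding labels are hypothetical, and it assumes xinetd itself runs as root.

```python
import shlex

def parse_service(text):
    """Return the key = value attributes of one xinetd service stanza."""
    attrs = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            attrs[key.strip()] = value.strip()
    return attrs

def audit_tftp(text):
    """Return (user in.tftpd will switch to, list of findings)."""
    attrs = parse_service(text)
    args = shlex.split(attrs.get("server_args", ""))
    start_user = attrs.get("user", "root")  # assumption: xinetd runs as root
    # in.tftpd(8): without -u the daemon switches to "nobody".
    target = args[args.index("-u") + 1] if "-u" in args[:-1] else "nobody"
    findings = []
    if start_user != "root":
        # Changing uid, gid and supplementary groups needs root, so the
        # switch fails with "cannot set groups for user <target>".
        findings.append("start-user-not-root")
    if target == "root":
        # Least privilege: the daemon would keep serving files as root.
        findings.append("daemon-keeps-root")
    if "IPv4" not in attrs.get("flags", "").split():
        findings.append("no-ipv4-flag")
    return target, findings

# Stanzas from the thread, trimmed to the attributes the checks read.
FAILING = """service tftp
{
    user = jffnms
    group = www
    server = /usr/sbin/in.tftpd
    server_args = -s /opt/jffnms/tftpd/
}"""
WORKING = """service tftp
{
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
    flags = IPv4
}"""

if __name__ == "__main__":
    for label, stanza in (("failing", FAILING), ("working", WORKING)):
        print(label, audit_tftp(stanza))
```

For the failing stanza the reported target user is "nobody", which matches the user named in the logged error.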
DaZZa
2008-10-01 02:57:24 UTC
Post by DaZZa
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /srv/tftpboot -c -vv -u tftp -p -U 007
    disable = no
    per_source = 11
    cps = 100 2
    flags = IPv4
}
That seems to have been the issue. I was changing the "user ="
parameter in the tftp config file for xinetd - however, I had to set
that back to root and pass the -u parameter in the server args.

Once I did that, lo and behold, it worked.

Thanks for the push in the right direction.

DaZZa