/etc/inetd.conf. To do this, copy /etc/inetd.conf.secure to
/etc/inetd.conf, if you have not already done so.
If your system does not use /etc/inetd.conf.secure, then
/etc/inetd.conf is already the more secure variation.
We call it more secure because the daemons are not started directly, but
through /usr/bin/tcpd, the wrapper daemon.
It uses /etc/hosts.allow and /etc/hosts.deny to
establish which remote host can contact which service.
Read the manual page hosts_access (call: `man 5
hosts_access') to learn how to configure
/etc/hosts.allow and /etc/hosts.deny correctly
for the more secure variation of
/etc/inetd.conf.
Now to tftp itself. You must carry out the following changes in
/etc/inetd.conf. The line:

    # tftp dgram udp wait nobody /usr/sbin/tcpd in.tftp

must be changed, for example, into the following one:

    tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd /tftpboot

The directory declared here, /tftpboot, is the only one
from which data can be fetched via tftp.
Since tcpd starts in.tftpd as user
nobody (an absolute must, since tftp requires no password),
the permissions of /usr/sbin/in.tftpd
still have to be changed. With the command:

    chmod 755 /usr/sbin/in.tftpd

they are set correctly. The following rules apply to the use of
tftp:
In a tftp request, /usr/sbin/in.tftpd only accepts
file specifications that:

- tftpboot (or another one that is declared as argument in /etc/inetd.conf)
- /../ (protection against cheating)
- /../ as a result.
You will find more about the in.tftp daemon in its manual page.
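
A check of the /etc/inetd.conf settings described above, as an added example that is not part of the original article: the audit_tftp function and its two sample files are constructed for illustration. It verifies that an active tftp entry runs as nobody, is started through tcpd, and names a directory.

```shell
#!/bin/sh
# Added example: audit the tftp entry of an inetd.conf-style file.
# audit_tftp FILE prints one finding per line; exit status 0 means no FAIL.
audit_tftp() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 != "tftp"          { next }   # only the tftp service matters here
        {
            seen = 1
            split($5, u, /[.:]/)          # user field may be user.group
            if (u[1] != "nobody") {
                print "FAIL: tftp runs as " u[1] ", expected nobody"; bad++
            }
            n = split($6, p, "/")         # field 6 is the program inetd starts
            if (p[n] != "tcpd") {
                print "FAIL: tftp is started directly (" $6 "), not through tcpd"; bad++
            }
            dirs = 0                      # field 7 is argv[0]; arguments follow
            for (i = 8; i <= NF; i++) if ($i ~ /^\//) {
                dirs++
                if ($i == "/") { print "FAIL: directory argument is /"; bad++ }
            }
            if (dirs == 0) { print "FAIL: no directory argument restricts tftp"; bad++ }
        }
        END {
            if (!seen) print "INFO: no active tftp entry"
            else if (!bad) print "OK: tftp entry is wrapped, unprivileged and restricted"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample input: a weak entry, then the entry from the text above.
demo() {
    d=$(mktemp -d) || return 1
    echo 'tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd' > "$d/weak"
    echo 'tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd /tftpboot' > "$d/wrapped"
    for f in weak wrapped; do
        echo "== $f"; audit_tftp "$d/$f" || true
    done
    rm -rf "$d"
}
demo
```

On a real system, call it as `audit_tftp /etc/inetd.conf`; a file in which tftp is still commented out reports only the INFO line.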
Keywords: NET, XTERMINAL, TFTP, SECURITY, TCPD
Feedback welcome: Send Mail to werner@suse.de (Please give the following subject: SDB-tftp_solved)