This page discusses using the TFTP file transfer protocol on HP systems.
TFTP - Trivial File Transfer Protocol
Typical HP installations do not start the TFTP daemon.
When TFTP is started, various security mechanisms limit file access.
These security mechanisms are discussed below.
On HP systems there is a startup line for TFTP present in the
/etc/inetd.conf file, but it is usually commented out. After the comment
character is removed, the inetd process must be restarted so that it
starts the TFTP daemon. Note that TFTP can read only from directories
available through the security mechanisms, which is similar to "secure
mode" operation on other host types.
If you want to run TFTP as your file transfer protocol for the
@workStation, you must start it or verify that it is running, and then
add the appropriate netOS directory to the TFTP access list.
To start your TFTP service on the HP and add the netOS
directory (you must be root user to do these steps):
1. Check to see if TFTP is running; check for a comment
character on the TFTP line in the /etc/inetd.conf file. The line looks
like this:
    #tftp dgram udp wait root /etc/in.tftpd tftpd\
        /usr/lib/uxinstlf.700\
        /usr/lib/uxinstkern.700
2. Remove the comment character ( # ) from the
beginning of the line.
3. Add the appropriate netOS directory (in this case:
/usr/lib/netOS) to the TFTP access list.
    tftp dgram udp wait root /etc/in.tftpd tftpd\
        /usr/lib/uxinstlf.700\
        /usr/lib/uxinstkern.700\
        /usr/lib/netOS
Note the backslash character as a designator of line
continuation.
4. Restart the inetd process. Find the process identification
number (PID) with the following command:
    ps -ef | grep inetd
Then issue this command:
    kill -1 <PID>
This sends inetd a hangup signal (signal 1), which makes it reread
/etc/inetd.conf; inetd then starts the TFTP daemon.
TFTP in "Secure Mode" on HP Systems
TFTP on HP/UX systems operates with security limitations.
Access to the file system is limited by the TFTP configuration. There
are three possibilities for setting the TFTP security.
1. File access is limited by the filenames or directories
specified on the TFTP startup line in /etc/inetd.conf, as described in
the previous section.
    tftp dgram udp wait root /etc/in.tftpd tftpd\
        /usr/lib/uxinstlf.700\
        /usr/lib/uxinstkern.700\
        /usr/lib/netOS
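In this case, TFTP file transfers are permitted for the
two .700 files and any files in the /usr/lib/netOS directory. You
could add other file names or directories as needed. Symbolic links are
permitted in this path. Because TFTP has no authentication, everything
on this list is available to any host that can reach the server, so
list only what the @workStation actually needs.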
2. File access is limited to the home directory of the
pseudo-user "tftp". In general, the "tftp" user is identified in the
/etc/passwd file as follows:
    tftp:*:510:guest:tftp server:/usr/tftpdir:/bin/false
where tftp is the username, * is the password field, guest is the
group membership, /usr/tftpdir is the home directory, and the default
shell is bogus since there is never a login to the tftp user's shell.
A TFTP file transfer initiates a chroot() call so it changes
its root directory to the home directory of the tftp pseudo-user, which
is /usr/tftpdir in this case. All files transferred must be in this
directory, and the file paths you enter must take this into account.
Symbolic links are not permitted in this directory. This security
mechanism for TFTP simulates the behavior of "TFTP secure mode" found in
other operating systems.
3. You can specify both of these TFTP security variables. When
you request a TFTP file transfer, TFTP first looks for the file using
its home directory (which is /usr/tftpdir in this example) as the root
directory of its search. If the requested file is not found, it
searches from the "root" directory specified in the TFTP startup line
in /etc/inetd.conf, which in the example above is /usr/lib/netOS.
Check the man pages on your HP system for the TFTP arguments
and options for your system. Check the relevant files to see what the
current TFTP configuration is on your system.
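One way to do that check for the /etc/inetd.conf side, as an added example that is not part of the original HDS page: a POSIX shell script that joins the continuation lines, then reports whether the tftp entry is active, which account it runs as, and which paths are on its access list. The function names and the sample file are constructed for illustration, and the script assumes the standard inetd.conf field order.

```shell
#!/bin/sh
# Added example: audit the tftp entry of an inetd.conf laid out as on this page.
# Assumptions: standard inetd.conf field order (service, socket type, protocol,
# wait flag, user, server program, argv[0], arguments) and a continuation
# backslash that separates arguments. Every function reads the file on stdin.

# Merge backslash-continued lines into one logical line each.
join_lines() {
    awk '{
        if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " " }   # line continues
        else                      { print buf $0; buf = "" }
    }
    END { if (buf != "") print buf }'
}

# Print "enabled", "disabled" (entry commented out) or "absent".
tftp_state() {
    join_lines | awk '
        $1 == "tftp" { s = "enabled" }
        s == "" && ($1 ~ /^#+tftp$/ || ($1 ~ /^#+$/ && $2 == "tftp")) { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Print the account the active entry runs as (field 5).
tftp_user() { join_lines | awk '$1 == "tftp" { print $5; exit }'; }

# Print the access list of the active entry, one path per line (fields 8..NF).
tftp_paths() {
    join_lines | awk '$1 == "tftp" { for (i = 8; i <= NF; i++) print $i; exit }'
}

# Constructed sample: the entry from step 3 after a hypothetical disabled service.
sample_conf() {
    cat <<'EOF'
#example dgram udp wait root /usr/sbin/exampled exampled
tftp dgram udp wait root /etc/in.tftpd tftpd\
        /usr/lib/uxinstlf.700\
        /usr/lib/uxinstkern.700\
        /usr/lib/netOS
EOF
}

echo "state: $(sample_conf | tftp_state)"
echo "user:  $(sample_conf | tftp_user)"
sample_conf | tftp_paths | sed 's/^/path:  /'
```

On a real system, feed the functions the live file instead of the sample, for example `tftp_paths < /etc/inetd.conf`, and compare the result with the directories the @workStation actually needs.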
@workStation File Path Specifications
The important thing for @workStation configuration is that these
security mechanisms affect how you specify the netOS path for the
@workStation. Since TFTP changes its root directory based on the
security mechanisms in place, this has the effect of prepending those
secure directory paths to the pathname you enter on the @workStation.
For example, if your netOS is located in /usr/lib/X11/HDS/netOS, and
the TFTP secure directory is /usr/lib, you must specify your
@workStation's netOS path as /X11/HDS/netOS, since TFTP will prepend
its secure directory to the path for the file search.
© 1996 by HDS Network Systems Inc.