/etc/inetd.conf. For this, copy /etc/inetd.conf.secure to /etc/inetd.conf, if you have not done so already.

If your system does not use /etc/inetd.conf.secure, then /etc/inetd.conf is already the more secure variation.

We call it more secure because the daemons are not started directly, but through /usr/bin/tcpd, the wrapper daemon. It uses /etc/hosts.allow and /etc/hosts.deny to establish which foreign host can contact which service. Read the manual page hosts_access (call: `man 5 hosts_access') to learn how you must configure /etc/hosts.allow and /etc/hosts.deny so that the more secure variation of /etc/inetd.conf is configured correctly.

Now to the real tftp. You must carry out the following changes in /etc/inetd.conf. The line:

    # tftp dgram udp wait nobody /usr/sbin/tcpd in.tftp

must be changed, for example, into the following one:

    tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd /tftpboot

The directory declared here, /tftpboot, is the only one from which data can be fetched via tftp.
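
An added example, not part of the original article: a shell function that checks whether the active tftp line in an inetd.conf-style file has the form shown above (user nobody, started through tcpd, a directory argument at the end). The function name check_tftp_entry and the sample file are constructed for this illustration.

```sh
#!/bin/sh
# Added example: audit the tftp entry of an inetd.conf-style file.
# Usage: check_tftp_entry FILE
# Returns 0 if the active entry matches the hardened form, 1 if it
# deviates, 2 if there is no active (uncommented) tftp entry.
check_tftp_entry() {
    conf=$1
    awk '
        # Comment lines and blank lines are ignored; a commented-out
        # tftp line means the service is disabled.
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "tftp" {
            found = 1
            # Fields: service socket proto wait user server argv0 [args...]
            if ($5 != "nobody") {
                print "FAIL: runs as " $5 ", not nobody"; bad = 1
            }
            if ($6 !~ /\/tcpd$/) {
                print "FAIL: not started through tcpd: " $6; bad = 1
            }
            # The last argument must be an absolute directory such as /tftpboot.
            if (NF < 8 || $NF !~ /^\//) {
                print "FAIL: no directory argument restricting in.tftpd"; bad = 1
            } else {
                print "INFO: served directory is " $NF
            }
        }
        END {
            if (!found) { print "INFO: no active tftp entry"; exit 2 }
            exit bad ? 1 : 0
        }
    ' "$conf"
}

# Constructed sample input: the hardened line from the text above.
sample=$(mktemp)
echo 'tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd /tftpboot' > "$sample"
check_tftp_entry "$sample"
rm -f "$sample"
```

On a real system, call it as check_tftp_entry /etc/inetd.conf.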

Since tcpd starts in.tftpd as user nobody (an absolute must, since no password is required in tftp), the permissions of /usr/sbin/in.tftpd still have to be changed. With the command:

    chmod 755 /usr/sbin/in.tftpd

they are correctly set. The following rules apply for the use of tftp:

/usr/sbin/in.tftpd only accepts, in a tftp request, file declarations that:
tftpboot (or another one that is declared as argument in /etc/inetd.conf)
/../ (protection against cheating)
/../ as a result.

You will find more about the daemon in.tftp in the manual page.
Keywords: NET, XTERMINAL, TFTP, SECURITY, TCPD
Feedback welcome: Send Mail to werner@suse.de (Please give the following subject: SDB-tftp_solved)