We need a ftp server to boot our clients via PXE boot. Since atftp is now masked, we now use tftp-hpa-5.0. The following error message appears when the server with user "nobody" or another non-root user starts:

Mar 22 15:12:13 nz00100 in.tftpd[30438]: cannot set groups for user nobody

and the boot process failed. (atftp worked with user "nobody" correctly.)

I have found in the Debian Bug report logs - #245017 that the error in the version tftp-hpa-5.0-2 should be fixed.

Reproducible: Always

Steps to Reproduce:
1. install tftp-hpa-5.0
2. edit /etc/xinetd.d/tftp to user "nobody"
3. start tftp server using xinetd
4. try to boot a client via PXE

Actual Results:
The client boot process failed.

Expected Results:
The client should boot correctly.

nz00100 hg # cat /etc/xinetd.d/tftp
service tftp
{
    disable = no
    socket_type = dgram
    protocol = udp
    wait = yes
    user = nobody
    server = /usr/sbin/in.tftpd
    server_args = -R 4096:32767 -s /export/tftpboot
}

Created attachment 266967
emerge --info

I believe the config file should be like this:

service tftp
{
    disable = no
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -u nobody -R 4096:32767 -s /export/tftpboot
}

Does that work for you? Like debian, I run it in standalone mode instead of xinetd, but I think that should be the equivalent...

(In reply to comment #2)
> I believe the config file should be like this:
>
> service tftp
> {
>     disable = no
>     socket_type = dgram
>     protocol = udp
>     wait = yes
>     user = root
>     server = /usr/sbin/in.tftpd
>     server_args = -u nobody -R 4096:32767 -s /export/tftpboot
> }
>
> Does that work for you? Like debian, I run it in standalone mode instead of
> xinetd, but I think that should be the equivalent...

Yes, that works for me, the client boots correctly. The tftp process looks like this:

nz00100 hg # ps -ef|grep ftp
root 23466 23413 0 09:10 ? 00:00:00 in.tftpd -u nobody -R 4096:32767 -s /export/tftpboot

I think that the owner of the process is still root.

That is already the default:

cvs/gentoo-x86/net-ftp/tftp-hpa $ cat files/tftp.xinetd
service tftp
{
    disable = yes
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -R 4096:32767 -s /tftpboot
}

But maybe some more information could be suggested to users?

i don't think this is a bug. from the man page:

    --user username, -u username
        Specify the username which tftpd will run as; the default is "nobody".

so the default behavior is "-u nobody". perhaps the logic could be improved to not try to setuid() if getuid() is already the desired, but that's a feature request you could post upstream :p.
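
The logic suggested in the last comment (skip the privilege drop when the daemon already runs as the requested user, and fail cleanly when a non-root process is asked to become someone else) is shown below as an added example in C. It is not tftp-hpa's code; `plan_drop` and `drop_to_user` are hypothetical names.

```c
/* Added example, not tftp-hpa source: privilege drop that tolerates a non-root start. */
#define _DEFAULT_SOURCE          /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_plan { DROP_SKIP, DROP_DO, DROP_IMPOSSIBLE };

/* Decide what to do from the current effective uid and the target uid. */
enum drop_plan plan_drop(uid_t euid, uid_t target)
{
    if (euid == target)
        return DROP_SKIP;        /* launcher (e.g. xinetd user=) already set the uid */
    if (euid == 0)
        return DROP_DO;          /* root: a full drop is possible */
    return DROP_IMPOSSIBLE;      /* non-root cannot change groups or uid */
}

/* Returns 0 if the process runs as `user` afterwards, -1 otherwise. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;

    switch (plan_drop(geteuid(), pw->pw_uid)) {
    case DROP_SKIP:       return 0;   /* gid and groups stay as the launcher set them */
    case DROP_IMPOSSIBLE: return -1;
    case DROP_DO:         break;
    }
    /* Order matters: supplementary groups and gid first, uid last, all while still root. */
    if (initgroups(user, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";
    int rc = drop_to_user(user);
    printf("drop to %s: %s (uid now %d)\n", user, rc == 0 ? "ok" : "failed", (int)getuid());
    return rc == 0 ? 0 : 1;
}
```

With this check, a process started by xinetd as "nobody" would skip the group and uid calls instead of failing on them, while a start as root still performs the complete drop.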