| Summary: | net-ftp/tftp-hpa-5.0 PXE Boot fails when the tftp server is started as a non-root user | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | holger.gleissner |
| Component: | [OLD] Server | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | pchrist |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | emerge --info | ||
Created attachment 266967 [details]
emerge --info
I believe the config file should be like this:
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -u nobody -R 4096:32767 -s /export/tftpboot
}
Does that work for you? Like debian, I run it in standalone mode instead of xinetd, but I think that should be the equivalent...
(In reply to comment #2)
> I believe the config file should be like this:
>
> service tftp
> {
> disable = no
> socket_type = dgram
> protocol = udp
> wait = yes
> user = root
> server = /usr/sbin/in.tftpd
> server_args = -u nobody -R 4096:32767 -s /export/tftpboot
> }
>
> Does that work for you? Like debian, I run it in standalone mode instead of
> xinetd, but I think that should be the equivalent...

Yes, that works for me, the client boots correctly. The tftp-process looks like this:
nz00100 hg # ps -ef|grep ftp
root 23466 23413 0 09:10 ? 00:00:00 in.tftpd -u nobody -R 4096:32767 -s /export/tftpboot
I think that the owner of the process is still root.

That is already the default:
cvs/gentoo-x86/net-ftp/tftp-hpa $ cat files/tftp.xinetd
service tftp
{
disable = yes
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -R 4096:32767 -s /tftpboot
}
But maybe some more information could be suggested to users?
I don't think this is a bug. From the man page:
--user username, -u username
Specify the username which tftpd will run as; the default is "nobody".
So the default behavior is "-u nobody". Perhaps the logic could be improved to not try to setuid() if getuid() is already the desired user, but that's a feature request you could post upstream :p.
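The check suggested in the comment above, sketched as an added example (this is not tftp-hpa's code and not part of the original thread). The helper name `drop_privs` and its return codes are hypothetical. It skips the drop when the process already runs as the target identity, which avoids the "cannot set groups" failure an unprivileged process gets from `setgroups()`, and otherwise drops groups, gid and uid in that order and verifies root cannot be regained.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() in glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_FAILED = -1, DROP_DONE = 0, DROP_SKIPPED = 1 };

/* Hypothetical helper, not tftp-hpa code: become uid/gid permanently. */
int drop_privs(uid_t uid, gid_t gid)
{
    /* Already the target identity: nothing to drop. An unprivileged
     * process could not call setgroups() anyway (needs CAP_SETGID). */
    if (geteuid() == uid && getegid() == gid)
        return DROP_SKIPPED;

    /* Order matters: groups first, then gid, then uid. Once the uid is
     * dropped the process no longer has the right to change groups. */
    if (setgroups(1, &gid) != 0) {
        perror("cannot set groups");
        return DROP_FAILED;
    }
    if (setgid(gid) != 0 || setuid(uid) != 0) {
        perror("cannot set gid/uid");
        return DROP_FAILED;
    }
    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "privileges can be regained\n");
        return DROP_FAILED;
    }
    return DROP_DONE;
}

int main(void)
{
    /* "nobody" is the default target named in the man page excerpt. */
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL) {
        fprintf(stderr, "no such user: nobody\n");
        return 1;
    }
    int rc = drop_privs(pw->pw_uid, pw->pw_gid);
    printf("drop_privs -> %d (euid=%d)\n", rc, (int)geteuid());
    return rc == DROP_FAILED;
}
```

Run as root it drops to nobody; run as nobody it skips the drop; run as any other unprivileged user it fails at `setgroups()`.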
We need a ftp server to boot our clients via PXE boot. Since atftp is now masked, we now use tftp-hpa-5.0. The following error message appears when the server with user "nobody" or another non-root user starts: "Mar 22 15:12:13 nz00100 in.tftpd[30438]: cannot set groups for user nobody", and the boot process failed. (atftp worked with user "nobody" correctly.)

I have found in the Debian Bug report logs - #245017 that the error in the version tftp-hpa-5.0-2 should be fixed.

Reproducible: Always

Steps to Reproduce:
1. install tftp-hpa-5.0
2. edit /etc/xinetd.d/tftp to user "nobody"
3. start tftp server using xinetd
4. try to boot a client via PXE

Actual Results:
The client boot process failed.

Expected Results:
The client should boot correctly.

nz00100 hg # cat /etc/xinetd.d/tftp
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = nobody
server = /usr/sbin/in.tftpd
server_args = -R 4096:32767 -s /export/tftpboot
}