Need help with tftp problems

[ddebevec]

I hope I didn't miss anything, but I think we're back where we started.

[root@elisha lib]# ls -lZd /var
drwxr-xr-x. root root system_u:object_r:var_t:s0 /var

[root@elisha lib]# ls -lZd /var/lib
drwxr-xr-x. root root system_u:object_r:var_lib_t:s0 /var/lib

[root@elisha lib]# ls -lZd /var/lib/tftpboot
drwxr-xr-x root root ? /var/lib/tftpboot

-Note I also tried this with "nobody" as owner and group. Same results.

[root@elisha lib]# ls -lZ /var/lib/tftpboot
-r--r--r-- root root ? ap61.ram
-r--r--r-- root root ? ap61.rom
-r--r--r-- root root ? ar430w-firmware.bin
-r--r--r-- root root ? linux.bin

-Note I also tried this with "nobody" as owner and group. Same results.

Added -s to the tftp member

service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}

Do I need to do a chcon to the tftpboot directory?

Thanks,

David

---------- Post added at 07:59 PM ---------- Previous post was at 07:53 PM ----------

I forgot, the syslog output is:

Feb 15 19:39:58 elisha xinetd[26728]: START: tftp pid=26733 from=192.168.20.81
Feb 15 19:39:58 elisha in.tftpd[26734]: cannot set groups for user nobody
Feb 15 19:42:27 elisha xinetd[26728]: EXIT: tftp status=0 pid=26733 duration=149(sec)

Feb 15 19:43:07 elisha xinetd[26761]: START: tftp pid=26766 from=192.168.20.81
Feb 15 19:43:07 elisha in.tftpd[26767]: cannot set groups for user nobody
Feb 15 19:58:07 elisha xinetd[26761]: EXIT: tftp status=0 pid=26766 duration=900(sec)

[jpollard]

You need to do a "restorecon /var/lib/tftpboot" only if you plan on using SELinux to protect your system.

Does the /etc/group file have an entry like "nobody:x:99:"?

[ddebevec]

That was one of the things that was suggested earlier. I ran grep "nobody:" /etc/{passwd,group} a few days ago and I think I received the following output:

/etc/passwd:nobody:x:99:99:Nobody:/:/sbin/nologin
/etc/group:nobody:x:99:

I'll verify it tonight.

I also ran into another post that found success in stopping xinetd altogether and running in.tftpd indpendently. Their though was xinetd did something to in.tftpd that adds restrictions to it. Something else to try.

Again, thanks for everyones assistance,

David

[jpollard]

For that, you might check the /etc/host.allow and /etc/host.deny lists (man tcpd, man 5 hosts_options

The advantage that xinetd has is the control - you can specify exactly what network to listen for. This is more important when you have multiple network connections.

[ddebevec]

OK, I'll take a look at those tonight. Just to let everyone know, I'm running a pretty vanilla system. It's just perplexing to me that this issue should be this challenging short of a missing patch. Just for the record, I’ve faithfully applied all recommended patches that where available over the years.

Thanks,

David

---------- Post added at 04:07 PM ---------- Previous post was at 08:24 AM ----------

Like I said, it's a pretty vanilla installation ...

[root@elisha ~]# grep "nobody:" /etc/{passwd,group}

/etc/passwd:nobody:x:99:99:Nobody:/:/sbin/nologin
/etc/passwd:nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
/etc/group:nobody:x:99:
/etc/group:nfsnobody:x:65534:
[root@elisha ~]#

#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
[root@elisha ~]#

#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
[root@elisha ~]#

[jpollard]

I think you want to enter a "tftpd" entry for a network in the hosts.allow (or a specific entry for each host) There is an example in the manpage for hosts_access for in.tftpd.

[ddebevec]

I would like to update my progress on this issue. I tried various access permissions, but I still received either the “permission denied” or the “cannot set groups for user nobody” message. I hate to say this, but I finally resorted to doing my initial task with a VirtualBox session of Windows XP. I would like to thank everyone that contributed to this effort and I’m intending to upgrade to the current version of Fedora soon.

Thanks Again,

David