TFTP (Trivial File Transfer Protocol) is a relatively easy file transfer protocol, running on port 69/UDP, being a lightweight version of the well-known FTP protocol. TFTP lacks some FTP-related functions like a directory listing, however, is still commonly used to backup and restore configuration files of network switches and as a protocol of choice for the initial stages of network booting strategies like PXE or Ironic.
1. Install TFTP server software
~# dnf install tftp-server
2. Edit /usr/lib/systemd/system/tftp.service file and modify ExecStart line adding parameter -c:
[Unit]
Description=Tftp Server
Requires=tftp.socket
Documentation=man:in.tftpd
[Service]
ExecStart=/usr/sbin/in.tftpd -c -s /var/lib/tftpboot
StandardInput=socket
[Install]
Also=tftp.socket
Parameter -c allows new files to be created. By default, tftpd only allows the upload of files that already exist.
3. Reload systemd daemon and units
~# systemctl daemon-reload
4. Allow port 69/UDP on the firewall for tftpd
Check the firewall zone of the network interface, where your tftpd server listens on. In our case, tftpd server listens on the default interface in the system which is enp1s0 with IPv4: 192.168.2.8, so we need to check what firewall zone does the interface belong to:
~# firewall-cmd --get-zone-of-interface enp1s0
public
Now, that we know that the interface belongs to the public zone, we need to allow access to tftp service for this particular zone:
~# firewall-cmd --zone=public --add-service=tftp --permanent
Now reload the firewall service for our changes to take effect immediately:
~# firewall-cmd --reload
success
5. Modify directory permissions for tftpd
Our default upload directory is /var/lib/tftpboot (based on the settings in tftp.service file) and we need to change its permissions in order to let the users upload to this directory:
~# chmod 707 /var/lib/tftpboot
6. Start the tftp service
Enable and start the tftp daemon:
~# systemctl enable --now tftp
7. (optional) Set tftpd related SELinux Booleans
If you have your SELinux enabled in Enforcing mode, and you want to allow tftp to modify public files used for public file transfer services, you have to turn on the tftp_anon_write boolean:
~# setsebool -P tftp_anon_write 1
Troubleshooting TFTPd
TFTP transfer time out
If you encounter the below timeout, when uploading the file:
tftp> put file.txt
putting file.txt to 192.168.2.8:file.txt [netascii]
Transfer timed out.
proposed solution: check and fix your firewall settings to allow TFTP related traffic
TFTP permission denied
If you are getting a permission error during the file put/get attempt:
tftp> put file.txt
Error code 0: Permission denied
proposed solution: check and fix permissions for tftpboot directory, eventually look for SELinux-related issues