RC 22.02-RC.1-2 TFTP bug

varet

Dabbler
Joined
Dec 6, 2021
Messages
19
I am struggling with TFTPD on my TrueNAS. I have tested TFTP clients on different systems (Mac, Debian, Windows) and all fail with the same error.

The setup:

[Screenshot 2021-12-15 at 11.48.49.png]

I also tried with the nobody user.

The directory /mnt/data/trftproot has been tested with 773, 772, and 777; always the same error.
The owner has been updated to nobody:nogroup or tftp:tftp (according to the service owner).

An example of the error (I get it with any system):
```
root@router:/config# tftp 10.10.0.200 -l config.boot -r config.boot -p
tftp: server error: (2) File must have global write permissions
```


The problem is in the umask used by tftpd. Basically, the umask is not fully modifiable from the web interface; in particular, the OTHER user is missing.
The command running is:
```
/usr/sbin/in.tftpd --listen --user nobody --address 0.0.0.0:69 --secure --create --umask 002 /mnt/data/tftproot
```
For writing to work, the command should become:
```
/usr/sbin/in.tftpd --listen --user nobody --address 0.0.0.0:69 --secure --create --umask 005 /mnt/data/tftproot
```
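Added example, not part of any post in this thread: the shell script below shows what each umask value mentioned on this page does to the mode of a newly created file. It assumes the server requests mode 0666 for an upload and then requires the "other" write bit, as the error text suggests; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration, not from the thread. Assumption: an uploaded file is
# created with requested mode 0666 filtered by the --umask value, and the
# server then insists on the "other" write bit (per the error text).

# perms_for_umask MASK -> prints the ls-style permission string
# (e.g. -rw-rw-r--) of a file created with mode 0666 under MASK.
perms_for_umask() {
    dir=$(mktemp -d) || return 1
    # Subshell so the umask change does not leak into the caller.
    ( umask "$1" && : > "$dir/upload.test" ) || { rm -rf "$dir"; return 1; }
    ls -l "$dir/upload.test" | cut -c1-10
    rm -rf "$dir"
}

# passes_global_write MASK -> exit status 0 if the created file keeps o+w.
passes_global_write() {
    case $(perms_for_umask "$1") in
        ????????w?) return 0 ;;   # 9th character is the "other" write bit
        *) return 1 ;;
    esac
}

# report: one line per umask value that appears in the thread.
report() {
    for mask in 002 005 115; do
        if passes_global_write "$mask"; then
            verdict="other-write kept"
        else
            verdict="other-write stripped"
        fi
        printf '%s  %s  %s\n' "$mask" "$(perms_for_umask "$mask")" "$verdict"
    done
}

report
```

Any umask that keeps the other-write bit leaves uploaded files writable by every local account, so the TFTP root is best kept on a dataset that holds nothing else.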
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
This is actually pretty common with TFTPD implementations. Typically, you need to touch the filename you're trying to transfer in, and then chmod ugo+w the empty file BEFORE starting the transfer. In this case, I suspect SCALE is just using the upstream tftpd from Debian.
 

varet

@Samuel Tai, I do not agree. Typically you do not need to touch and chmod a file using tftpd! Otherwise TFTPD would be useless for all the routers, switches and other systems requiring this.

tftpd-hpa does this for you, and the umask is there to enforce this `g+w` if set correctly. Reading the last lines of my message shows exactly where the implementation issue lies.

The umask is configured by the service itself, and it seems that the umask is not updated in /etc/defaults/tftpd-ha, but the file is rewritten every time tftpd is restarted or configured.

Furthermore, I have seen the umask stay at `002`, while with my configuration it should be at `115`. I believe there is still a bug during the update/creation of the config file.

A bit more supporting evidence of a bug: `midclt` is doing its job, but the webui? Probably not. And still, this 5 at the end really needs to be the default for the other flag.

```
root@ap[/etc/default]# midclt call tftp.config
{"id": 1, "directory": "/mnt/data/tftproot", "newfiles": true, "port": 69, "username": "nobody", "umask": "002", "options": "", "host": "0.0.0.0"}

root@ap[/etc/default]# midclt call tftp.update '{"directory": "/mnt/data/tftproot", "newfiles": true, "port": 69, "username": "nobody", "umask": "115", "options": "", "host": "0.0.0.0"}'
{"id": 1, "directory": "/mnt/data/tftproot", "newfiles": true, "port": 69, "username": "nobody", "umask": "115", "options": "", "host": "0.0.0.0"}
root@aphrodite[/etc/default]#
```

And again after the CLI update:
```
root@aphrodite[/etc/default]# midclt call tftp.update '{"directory": "/mnt/data/tftproot", "newfiles": true, "port": 69, "username": "nobody", "umask": "115", "options": "", "host": "0.0.0.0"}'
{"id": 1, "directory": "/mnt/data/tftproot", "newfiles": true, "port": 69, "username": "nobody", "umask": "115", "options": "", "host": "0.0.0.0"}
root@aphrodite[/etc/default]#
```
 

Samuel Tai

I used to support an enterprise fleet of switches/routers, and for all the TFTP servers in our enterprise, they all needed the touch/chmod 2-step before uploading.
 

varet

I understand and respect this. It is used in a lot of enterprises, and different TFTP servers handle stuff differently.
Obviously, if you read my detailed information, you will see there is a BUG in the webui updating basic settings of the tftpd-hpa server.
I still disagree that the 2-step is needed.
Otherwise companies would not automatically upload commit changes with the serial as extension, as it is tough to predict.

Also, most TFTP uploads do not mention this requirement. I will share this as a bug with the webui team.
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,471
Please do create a Jira ticket. TFTP is one of our very infrequently used protocols, so I'd not be surprised if there are some issues there we still need to resolve for SCALE.
 