/tftpboot vs. /var/tftp vs. something else?
Chuck Anderson
cra at WPI.EDU
Tue Nov 13 00:46:37 UTC 2007

TFTP is often used to store firmware images and configuration files
for embedded devices, and as a place for such devices to write crash
dumps, log files, etc.

FHS 2.3 is silent on where to put files served up by TFTP. Currently,
we set the TFTP root to /tftpboot. This seems suboptimal for a few
reasons:

1. The root directory might be read-only on the TFTP server, so it
   isn't a good place to put the TFTP root.

2. The root directory might be too small to store lots of log files,
   huge crash dumps, etc.

3. It really makes no sense to have a separate top-level directory for
   the TFTP service. /tftpboot is a legacy location that should be
   reconsidered.

4. tftp"boot" doesn't fit all use cases. It isn't used exclusively
   during booting of these devices.

For many years, I've used /var/tftp as a location for storing TFTP
data. This mirrors the use of /var/ftp and /var/www. I therefore
suggest we change the default configuration in /etc/xinetd.d/tftp to
reflect this.

At the very least, we should update the selinux-policy to allow
/var/tftp as an alternate location. Interestingly, it appears that
the current policy allows in.tftpd to read var_t, since I haven't
fixed the contexts on my servers and it is still able to read files:

>ls -ldZ /tftpboot
drwxr-xr-x root root system_u:object_r:tftpdir_t /tftpboot/
>ls -ldZ /var/tftp
drwxrwsr-x tftp tftp user_u:object_r:var_t /var/tftp/
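
An added example, not part of the original message: a small audit that reads `ls -ldZ` output and flags TFTP directories whose SELinux type is not the `tftpdir_t` shown above for /tftpboot. The function names are hypothetical, and the sample input is constructed from the two listings in the post.

```shell
#!/bin/sh
# Expected SELinux type for TFTP content, taken from the /tftpboot listing.
EXPECTED_TYPE="tftpdir_t"

# Extract the type field from one line of `ls -ldZ` output.
# Works for user:role:type and user:role:type:level contexts.
context_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            n = split($i, part, ":")
            if (n >= 3 && part[2] ~ /_r$/) { print part[3]; exit }
        }
    }'
}

# Return 0 if the listing line carries the expected type, 1 otherwise.
label_ok() {
    [ "$(context_type "$1")" = "$EXPECTED_TYPE" ]
}

# Read `ls -ldZ` lines on stdin, report each path, return 1 on any mismatch.
audit_labels() {
    status=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line##* }
        if label_ok "$line"; then
            echo "OK       $path"
        else
            echo "MISLABEL $path ($(context_type "$line"), want $EXPECTED_TYPE)"
            status=1
        fi
    done
    return $status
}

# Constructed sample input: the two listings quoted in the message.
SAMPLE='drwxr-xr-x root root system_u:object_r:tftpdir_t /tftpboot/
drwxrwsr-x tftp tftp user_u:object_r:var_t /var/tftp/'

printf '%s\n' "$SAMPLE" | audit_labels || true
```

On a live host, pipe `ls -ldZ /tftpboot /var/tftp` into `audit_labels`. A directory reported as mislabelled can be given a persistent label with `semanage fcontext -a -t tftpdir_t '/var/tftp(/.*)?'` followed by `restorecon -Rv /var/tftp`.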