/tftpboot vs. /var/tftp vs. something else?

Chuck Anderson cra at WPI.EDU
Tue Nov 13 00:46:37 UTC 2007

TFTP is often used to store firmware images and configuration files 
for embedded devices, and as a place for such devices to write crash 
dumps, log files, etc.

FHS 2.3 is silent on where to put files served up by TFTP.  Currently, 
we set the TFTP root to /tftpboot.  This seems suboptimal for a few 

1. The root directory might be read-only on the TFTP server, so it 
isn't a good place to put the TFTP root.

2. The root directory might be too small to store lots of log files, 
huge crash dumps, etc.

3. It really makes no sense to have a separate top-level directory for 
the TFTP service.  /tftpboot is a legacy location that should be 

4. tftp"boot" doesn't fit all use cases.  It isn't used exclusively 
during booting of these devices.

For many years, I've used /var/tftp as a location for storing TFTP 
data.  This mirrors the use of /var/ftp and /var/www.  I therefore 
suggest we change the default configuration in /etc/xinetd.d/tftp to 
reflect this.

At the very least, we should update the selinux-policy to allow 
/var/tftp as an alternate location.  Interestingly, it appears that 
the current policy allows in.tftpd to read var_t, since I haven't 
fixed the contexts on my servers and it is still able to read files:

>ls -ldZ /tftpboot
drwxr-xr-x  root root system_u:object_r:tftpdir_t      /tftpboot/

>ls -ldZ /var/tftp
drwxrwsr-x  tftp tftp user_u:object_r:var_t            /var/tftp/

More information about the fedora-devel-list mailing list