/tftpboot vs. /var/tftp vs. something else?
cra at WPI.EDU
Tue Nov 13 00:46:37 UTC 2007
TFTP is often used to store firmware images and configuration files
for embedded devices, and as a place for such devices to write crash
dumps, log files, etc.
FHS 2.3 is silent on where to put files served up by TFTP. Currently,
we set the TFTP root to /tftpboot. This seems suboptimal for a few
1. The root directory might be read-only on the TFTP server, so it
isn't a good place to put the TFTP root.
2. The root directory might be too small to store lots of log files,
huge crash dumps, etc.
3. It really makes no sense to have a separate top-level directory for
the TFTP service. /tftpboot is a legacy location that should be
4. tftp"boot" doesn't fit all use cases. It isn't used exclusively
during booting of these devices.
For many years, I've used /var/tftp as a location for storing TFTP
data. This mirrors the use of /var/ftp and /var/www. I therefore
suggest we change the default configuration in /etc/xinetd.d/tftp to
At the very least, we should update the selinux-policy to allow
/var/tftp as an alternate location. Interestingly, it appears that
the current policy allows in.tftpd to read var_t, since I haven't
fixed the contexts on my servers and it is still able to read files:
>ls -ldZ /tftpboot
drwxr-xr-x root root system_u:object_r:tftpdir_t /tftpboot/
>ls -ldZ /var/tftp
drwxrwsr-x tftp tftp user_u:object_r:var_t /var/tftp/
More information about the fedora-devel-list