[Dnsmasq-discuss] tftp 'Permission denied' issue...

Simon Kelley simon at thekelleys.org.uk
Fri May 14 09:53:10 BST 2010


Steve Elliott wrote:
> Can anyone suggest why I get 'Permission denied' for this access?
> 
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 Available DHCP
> subnet: 10.0.0.0/255.255.255.0
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 Vendor class:
> PXEClient:Arch:00000:UNDI:002001
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 PXE(eth0)
> 00:23:6b:00:20:a2 proxy
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 tags: eth0
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size:  1
> option: 53:message-type  02
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size:  4
> option: 54:server-identifier  10.0.0.150
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size:  9
> option: 60:vendor-class  50:58:45:43:6c:69:65:6e:74
> 
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 17
> option: 97:client-machine-id  00:00:00:00:00:00:00:00:00:00:00:00:00...
> 
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 79
> option: 43:vendor-encap  06:01:03:08:0e:80:00:01:0a:00:00:96:80...
> 
> May 14 16:01:24 regret dnsmasq-dhcp[13285]: 1811947682 Available DHCP
> subnet: 10.0.0.0/255.255.255.0
> May 14 16:01:24 regret dnsmasq-dhcp[13285]: 1811947682 Vendor class:
> PXEClient:Arch:00000:UNDI:002001
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 Available DHCP
> subnet: 10.0.0.0/255.255.255.0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 Vendor class:
> PXEClient:Arch:00000:UNDI:002001
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 PXE(eth0)
> 10.0.0.140 00:23:6b:00:20:a2 /xxx/xxx/bootrom.pxe.0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 tags: eth0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 bootfile name:
> /xxx/xxx/bootrom.pxe.0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 next server:
> 10.0.0.150
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size:  1
> option: 53:message-type  05
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size:  4
> option: 54:server-identifier  10.0.0.150
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size:  9
> option: 60:vendor-class  50:58:45:43:6c:69:65:6e:74
> 
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 17
> option: 97:client-machine-id  00:00:00:00:00:00:00:00:00:00:00:00:00...
> 
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 37
> option: 43:vendor-encap  47:04:80:00:00:00:0a:1c:ff:57:68:69:63...
> 
> May 14 16:01:27 regret dnsmasq-tftp[13285]: cannot access
> /home/Steve/Shared/workspace/xxx/xxx/bootrom.pxe.0: Permission denied
> 
> May 14 16:01:27 regret dnsmasq-tftp[13285]: cannot access
> /home/Steve/Shared/workspace/xxx/xxx/bootrom.pxe.0: Permission denied
> 
> ftp_root=/home/Steve/Shared/workspace
> 
> /home/Steve/Shared/workspace/xxx/xxx/
> -rwxrwxr-x. 1 Steve Steve 482040 2010-05-13 17:32 bootrom.pxe.0
> 
> 


Have you got --tftp-secure set?

--tftp-secure
      Enable TFTP secure mode: without this, any file which is readable
      by the dnsmasq process under normal unix access-control rules
      is available via TFTP. When the --tftp-secure flag is given, only
      files owned by the  user  running  the  dnsmasq  process  are
      accessible.  If dnsmasq is being run as root, different rules
      apply: --tftp-secure has no effect, but only files which have the
      world-readable bit set are accessible. It is not recommended to
      run dnsmasq as  root  with  TFTP  enabled,  and  certainly  not
      without specifying --tftp-root. Doing so can expose any
      world-readable file on the server to any host on the net.

Cheers,

Simon.

> 
> Steve Elliott - Embedded Overflow
> 4, Glassop St., Balmain, NSW 2041.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss




More information about the Dnsmasq-discuss mailing list