[Dnsmasq-discuss] tftp 'Permission denied' issue...
Simon Kelley
simon at thekelleys.org.uk
Fri May 14 09:53:10 BST 2010
Steve Elliott wrote:
> Can anyone suggest why I get 'Permission denied' for this access?
>
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 Available DHCP
> subnet: 10.0.0.0/255.255.255.0
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 Vendor class:
> PXEClient:Arch:00000:UNDI:002001
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 PXE(eth0)
> 00:23:6b:00:20:a2 proxy
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 tags: eth0
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 1
> option: 53:message-type 02
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 4
> option: 54:server-identifier 10.0.0.150
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 9
> option: 60:vendor-class 50:58:45:43:6c:69:65:6e:74
>
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 17
> option: 97:client-machine-id 00:00:00:00:00:00:00:00:00:00:00:00:00...
>
> May 14 16:01:23 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 79
> option: 43:vendor-encap 06:01:03:08:0e:80:00:01:0a:00:00:96:80...
>
> May 14 16:01:24 regret dnsmasq-dhcp[13285]: 1811947682 Available DHCP
> subnet: 10.0.0.0/255.255.255.0
> May 14 16:01:24 regret dnsmasq-dhcp[13285]: 1811947682 Vendor class:
> PXEClient:Arch:00000:UNDI:002001
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 Available DHCP
> subnet: 10.0.0.0/255.255.255.0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 Vendor class:
> PXEClient:Arch:00000:UNDI:002001
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 PXE(eth0)
> 10.0.0.140 00:23:6b:00:20:a2 /xxx/xxx/bootrom.pxe.0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 tags: eth0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 bootfile name:
> /xxx/xxx/bootrom.pxe.0
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 next server:
> 10.0.0.150
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 1
> option: 53:message-type 05
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 4
> option: 54:server-identifier 10.0.0.150
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 9
> option: 60:vendor-class 50:58:45:43:6c:69:65:6e:74
>
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 17
> option: 97:client-machine-id 00:00:00:00:00:00:00:00:00:00:00:00:00...
>
> May 14 16:01:26 regret dnsmasq-dhcp[13285]: 1811947682 sent size: 37
> option: 43:vendor-encap 47:04:80:00:00:00:0a:1c:ff:57:68:69:63...
>
> May 14 16:01:27 regret dnsmasq-tftp[13285]: cannot access
> /home/Steve/Shared/workspace/xxx/xxx/bootrom.pxe.0: Permission denied
>
> May 14 16:01:27 regret dnsmasq-tftp[13285]: cannot access
> /home/Steve/Shared/workspace/xxx/xxx/bootrom.pxe.0: Permission denied
>
> ftp_root=/home/Steve/Shared/workspace
>
> /home/Steve/Shared/workspace/xxx/xxx/
> -rwxrwxr-x. 1 Steve Steve 482040 2010-05-13 17:32 bootrom.pxe.0
>
>
Have you got --tftp-secure set?
--tftp-secure
Enable TFTP secure mode: without this, any file which is readable
by the dnsmasq process under normal unix access-control rules
is available via TFTP. When the --tftp-secure flag is given, only
files owned by the user running the dnsmasq process are
accessible. If dnsmasq is being run as root, different rules
apply: --tftp-secure has no effect, but only files which have the
world-readable bit set are accessible. It is not recommended to
run dnsmasq as root with TFTP enabled, and certainly not
without specifying --tftp-root. Doing so can expose any
world-readable file on the server to any host on the net.
Cheers,
Simon.
>
> Steve Elliott - Embedded Overflow
> 4, Glassop St., Balmain, NSW 2041.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list