unable to create new files (even with "-c"option)
Ross S. W. Walker
rwalker at medallion.com
Thu Sep 13 19:33:06 UTC 2007
Les Mikesell wrote:
> Ross S. W. Walker wrote:
> >>> Just to make sure, is the /tftpboot directory set to perms 777?
> >> Not that that parent directory (/tftpboot) requires (or should
> >> ever have) anything like that to work
> >> -- why the voodoo suggestion?
> > Because if you are allowing any old anonymous user to write to
> > that directory then why would one care if you only allowed group
> > 'nobody' to write there?
> > You could set it to 755 and create a 'cisco' dir underneath with
> > 777, but I would leave that for when it's working.
> > Chances are though everything under /tftpboot is subject to
> > modification and /tftpboot will need to be a separate volume to
> > protect against DoS through filling up the disk drive.
> The usual approach is to create the filename yourself (ssh in
> and "touch
> devicename-confg") and chmod it to 666 before doing the tftp.
> That way
> you don't have to let tftp create any files and its lack of
> authentication is less of an issue). If you are committing
> the configs
> to cvs (a good idea, since you can easily track changes),
> note that cvs
> for some reason will change the modes as a side effect of the
> commit and
> you'll have to put them back to 666 before the next tftp in.
Yes, those are good controls on tftp and sound like best practices.
For initial population of /tftpboot though one may want to use -c
and then once it is populated remove the -c switch, check it all
into cvs/subversion and make sure the permissions are sane.
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.
More information about the CentOS