4

So I am following a guide to set up a PXE server, for reference here are the links:

Now throughout these guides he keeps running the chmod -R 777 <pxe-server-path>. I have already gone through this guide and it works, however the chmod -R 777 part is scaring me a bit. I did go through the guide step by step, including the chmod commands just out of curiosity I wanted to see what would happen. Needless to say it started producing several gigabytes of log files / broke root etc.

My question is not how to revert damage caused, but rather why does this setup require 777 permissions. To quote the creator of the guide:

Finally, we need to change the permissions of all files concerned because TFTP will not read any files unless they are set to full access.

Surely there are ways around this? My first though was that the TFTP daemon would only require this mod on core kernel/boot-up files only (vmlinuz/initrd.img) - am I wrong?

I ask because I plan to re-do the whole set up and I want to do this without applying the 777 mod to all files as specified in this guide.

Reason behind not wanting to do 777 mod again:

Plus countless more instances that can be found here on ServerFault.

dusz
  • 155
  • 4
  • It does not require all files to be world readable - while this in itself would be a reason to look for another guide on setting up tftpd, it also calls into question everything else the author says. Go read some different sources. – symcbean Apr 08 '13 at 11:45
  • You can use `744` permissions allowing tftp user/owner to have full permissions, while allowing pxe clients have only read permissions on `/srv`. For tftp user, it will need full permissions because otherwise tftpd won't be able to execute. – Drt Apr 08 '13 at 12:06
  • Questions pointed out by you are about `chmod -R 777` on `/`. That's surely dangerous. One should never use it like `rm -rf /`, which is even more dangerous. But using full permissions on any specific directory is a way of "OP" to avoid any failure in setup. Surely, you don't need it. Probabaly one reason for giving 777 would have been, in future if you write some iso's there. Still it should have been 755, I guess. – Drt Apr 08 '13 at 12:11

1 Answers1

2

Settings those permissions is absolutely not needed. Furthermore, you could set the permissions to allow only the user running the TFTP server to read the files.
No execution permissions are needed in any of the files under the PXE root directory. As a matter of fact, I'm using TFTP/PXE on Debian under /srv/tftp, being /srv a separate LV mounted noexec

dawud
  • 14,918
  • 3
  • 41
  • 61