Explain the new security model activated by the -p option.

1 files changed, 27 insertions, 0 deletions

diff --git a/README.security b/README.security
index 7db6f2e..58eab7f 100644
--- a/README.security
+++ b/README.security
@@ -1,3 +1,30 @@
+$Id$
+
+	       =======================================
+
+Starting in version 0.27, tftp-hpa has the option of a "use Unix
+permissions" mode.  In this mode, tftpd can access any file accessible
+by the tftpd effective user, specified via the -u option.  This means
+that files no longer need to be set to o+r or o+w.
+
+If file creation is enabled (via the -c option), the -p option also
+changes the default umask from 0 (anyone can read or write) to
+"unchanged" (inherited from the calling process.)  The -U option can
+be used to override the default umask; this is recommended.
+
+The sanest setup, from a security standpoint, for tftpd to run in is
+probably the following:
+
+1. Create a separate "tftpd" user and group only used for tftpd;
+2. Have all your boot files in a single directory tree (usually called 
+   /tftpboot).
+3. Specify "-p -u tftpd -s /tftpboot" on the tftpd command line; if
+   you want clients to be able to create files use
+   "-p -c -U 002 -u tftpd -s /tftpboot" (replace 002 with whatever
+   umask is appropriate for your setup.)
+
+	       =======================================
+
 Starting in version 0.17, tftp-hpa operates in genuine "wait" mode,
 which means that an in.tftpd process hangs around for some time after
 the last service request has arrived.  This speeds up servicing a