I am running Cygwin64 on two Win10 machines, one Home and one Pro. My software uses tftpd to receive a CSV from a network peer. tftpd is run from init (package sysvinit) with this line:
td:2345:respawn:/usr/sbin/tftpd -vvvvv -L -c -p -u Larry -U 000 -s /tmp
There is no xinetd running, no xinetd or tftp configuration file that I know of. On the Win10 Home system, which is my development system, this works. On the Win10 Pro system, it fails. The client times out. There is no entry in /var/log/messages (syslog-ng). Windows Application Log says "Cannot drop privileges: operation not permitted"
When I stop init and run that command line in a shell, it works and clients can transfer files in. But my system needs the respawn management of init. The pattern was set 12 years ago with Cygwin32 on Win7. My customer is now updating the PC and we have this glitch. If I were developing now, I would put the function on a raspi, but this is just a PC change.
Can anyone recommend a configuration to get the execution of tftpd under init under cygwin under Win10 Pro closer to that of the same command line in a user shell?
Edit 1: I also tried suid. tftpd.exe is owned by the user account, not SYSTEM or whatever cygwin has for root. Suid does not set permissions in a way that solves the problem.
Edit 2: adding cygdrop to the inittab line does not help.
Short version:
Remove tftp and tftp-server, and install inetutils-server and inetutils for the old version.
Remove -u USER flag when running tftpd.
The old tftp version doesn't require dropping privilege.
Longer story:
I tried picking up where you left off, found some resources... wasted hours.
From /usr/share/doc/Cygwin/tftp.README
run tftpd-config to create the unprivileged local account tftpd.
$ /usr/bin/tftpd-config
*** Info: Initially, tftpd runs as a privileged user in order to
*** Info: chroot for security. However, it immediately drops privileges
*** Info: but needs an ordinary, unprivileged user account to do so.
*** Query: Create an unprivileged user 'tftpd' for this purpose? (yes/no) yes
*** Info: Note that creating a new user requires that the current account have
*** Info: Administrator privileges. Should this script attempt to create a
*** Query: new local account 'tftpd'? (yes/no) yes
*** Query: Overwrite existing /etc/inetd.d/tftp file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/tftp file
*** Info: Updated /etc/inetd.d/tftp
*** Info: tftpd configuration finished. Have fun!
*** Info: If you did NOT install tftpd as a standalone service, then
*** Info: you may need to modify /etc/inetd.d/tftp or /etc/xinetd.d/tftp
*** Info: depending on which superserver you wish to use to control
*** Info: tftpd
After this, I still couldn't run it. I tried net user tftpd /active:YES and found that the user is now created but needs the password updated to meet policy requirements. I created a password and was able to enable the user.
$ net user tftpd /active:YES
The command completed successfully.
Still fails: $ /usr/sbin/tftpd -vvv -c -L -p -U 022 -u tftpd -s /tftpboot.
Windows still says no user tftpd.
From my xinetd install, I recall that the service nomenclature is computername+account. I modify my command to $ /usr/sbin/tftpd -vvv -c -L -p -U 022 -u mycomputer+tftpd -s /tftpboot and it now runs!
Attempting to push a file to my computer still fails. Windows application logs now say tftpd: PID 2467: cannot drop privileges: Operation not permitted
I gave up too.
I did find in the /usr/share/doc/Cygwin/tftp.README
The tftp-hpa tftpd server differs from inetutils one, with respect to how
user privileges are handled. The inetutils tftpd requires that tftpd be
So I removed tftp, and installed inetutils-server and inetutils in favor of the old version of tftpd.
Removed -u USER flag BOOM! Works.