tftp on MacOS v26 (Tahoe) [CANCELLED]
preface
tftp was depreciated from macOS.
lesson (might be useful)
Check is it available
ls /usr/libexec/tftpd
Create local tftp directory AS NORMAL user
export u="anton-w"
export dir="/Users/${u}/delme/tftp"
mkdir -p ${dir}
cd ${dir}
pwd
current status
netstat -f inet | grep tftp
lsof -iUDP:69
lsof -nPi | grep ":69"
stop service and verify
export s="system/com.apple.tftpd"
launchctl stop ${s}
launchctl bootout ${s}
launchctl disable ${s}
launchctl remove ${s}
launchctl list | grep ${s}
netstat -f inet | grep tftp
lsof -iUDP:69
lsof -nPi | grep ":69"
default config has disabled option, override is needed
export f="/System/Library/LaunchDaemons/tftp.plist"
cat ${f} | grep com.apple.tftpd
cat ${f} | grep -i -A1 disabled
Create override
export f="/System/Library/LaunchDaemons/tftp.plist"
export fov="/Library/LaunchDaemons/local.tftp.plist"
cp ${f} ${fov}
ls -la ${fov}
vi ${fov}
Content
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>Label</key>
<string>local.tftp</string>
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/tftpd</string>
<string>-d</string>
<string>-l</string>
<string>-s</string>
<string>/Users/anton-w/delme/tftp</string>
<string>-u</string>
<string>anton-w</string>
</array>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<true/>
</dict>
<key>InitGroups</key>
<true/>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>SockServiceName</key>
<string>tftp</string>
<key>SockType</key>
<string>dgram</string>
</dict>
</dict>
</dict>
</plist>
Verify plist file
cat ${fov} | grep -i -A1 disabled
plutil -lint ${fov}
Set ownership and permissions
ls -la ${fov}
chown root:wheel ${fov}
chmod 644 ${fov}
ls -la ${fov}
Enable service
export s="system/local.tftp"
launchctl stop ${s}
launchctl bootout ${s}
launchctl disable ${s}
launchctl remove ${s}
launchctl list | grep ${s}
launchctl enable ${s}
export f="/Library/LaunchDaemons/local.tftp.plist"
launchctl load -wF ${f}
# launchctl bootstrap system ${s}
launchctl start ${s}
launchctl list ${s}
launchctl print ${s} | grep state
New file should be in the dump
launchctl dumpstate | grep ".plist" | grep ftp
Verify that default TFTP root exists
ls -la /private/tftpboot
Create if missing
sudo mkdir -p /private/tftpboot
sudo chmod 777 /private/tftpboot
Verify tftp is listening on
netstat -f inet | grep tftp
netstat -an | grep "*.69"
netstat -atp UDP | grep tftp
lsof -iUDP:69
lsof -nPi | grep ":69"
Check state firewall
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
if needed, create a rule to allow
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/tftpd
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/libexec/tftpd
I am using Little Snitch, thus my native firewall is disabled.
TFTP daemon is set up and ready to receive/transmit files.
troubleshooting
launchctl dumpstate | grep ".plist" | grep ftp
log stream --style syslog --predicate 'process == "launchctl"'
log stream --style syslog --predicate 'subsystem == "com.apple.xpc.launchctl"'
log show --last 5m --style syslog --predicate 'subsystem == "com.apple.xpc.launchctl"'
Start daemon manually
/usr/libexec/tftpd \
-d \
-l \
-s \
/Users/anton-w/delme/tftp \
-u \
anton-w
FIle exist, is executable , but does not do anything.
pkgutil --file-info /usr/libexec/tftpd
# no package provides
codesign -dv /usr/libexec/tftpd
# has not authority
csrutil authenticated-root status
file /usr/libexec/tftpd
mount | grep "sealed"
Go home.
No Comments