# tftp on MacOS v26 (Tahoe) [CANCELLED] # preface tftp was depreciated from macOS. # lesson (might be useful) Check is it available ```zsh ls /usr/libexec/tftpd ``` [![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/hOl3CmrrRGqgn2Ih-image-1763804890114.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/hOl3CmrrRGqgn2Ih-image-1763804890114.png) Create local tftp directory AS NORMAL user ```zsh export u="anton-w" export dir="/Users/${u}/delme/tftp" mkdir -p ${dir} cd ${dir} pwd ``` current status ```zsh netstat -f inet | grep tftp lsof -iUDP:69 lsof -nPi | grep ":69" ``` stop service and verify ```zsh export s="system/com.apple.tftpd" launchctl stop ${s} launchctl bootout ${s} launchctl disable ${s} launchctl remove ${s} launchctl list | grep ${s} netstat -f inet | grep tftp lsof -iUDP:69 lsof -nPi | grep ":69" ``` default config has disabled option, override is needed ```zsh export f="/System/Library/LaunchDaemons/tftp.plist" cat ${f} | grep com.apple.tftpd cat ${f} | grep -i -A1 disabled ``` Create override ``` export f="/System/Library/LaunchDaemons/tftp.plist" export fov="/Library/LaunchDaemons/local.tftp.plist" cp ${f} ${fov} ls -la ${fov} vi ${fov} ``` Content ```xml Disabled Label local.tftp ProgramArguments /usr/libexec/tftpd -d -l -s /Users/anton-w/delme/tftp -u anton-w inetdCompatibility Wait InitGroups Sockets Listeners SockServiceName tftp SockType dgram ``` Verify plist file ```zsh cat ${fov} | grep -i -A1 disabled plutil -lint ${fov} ``` Set ownership and permissions ```zsh ls -la ${fov} chown root:wheel ${fov} chmod 644 ${fov} ls -la ${fov} ``` Enable service ```zsh export s="system/local.tftp" launchctl stop ${s} launchctl bootout ${s} launchctl disable ${s} launchctl remove ${s} launchctl list | grep ${s} launchctl enable ${s} export f="/Library/LaunchDaemons/local.tftp.plist" launchctl load -wF ${f} # launchctl bootstrap system ${s} launchctl start ${s} launchctl list ${s} launchctl print ${s} | grep state ``` New file should be in the dump ```zsh launchctl dumpstate | grep ".plist" | grep ftp ``` [![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/Ne5QUEAuImIJqJWj-image-1763818184505.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/Ne5QUEAuImIJqJWj-image-1763818184505.png) Verify that default TFTP root exists ```zsh ls -la /private/tftpboot ``` Create if missing ```zsh sudo mkdir -p /private/tftpboot sudo chmod 777 /private/tftpboot ``` Verify tftp is listening on ```zsh netstat -f inet | grep tftp netstat -an | grep "*.69" netstat -atp UDP | grep tftp lsof -iUDP:69 lsof -nPi | grep ":69" ``` Check state firewall ```bash sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate ``` if needed, create a rule to allow ```zsh sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/tftpd sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/libexec/tftpd ``` I am using Little Snitch, thus my native firewall is disabled. TFTP daemon is set up and ready to receive/transmit files. troubleshooting ```zsh launchctl dumpstate | grep ".plist" | grep ftp ``` ```zsh log stream --style syslog --predicate 'process == "launchctl"' log stream --style syslog --predicate 'subsystem == "com.apple.xpc.launchctl"' log show --last 5m --style syslog --predicate 'subsystem == "com.apple.xpc.launchctl"' ``` Start daemon manually ```zsh /usr/libexec/tftpd \ -d \ -l \ -s \ /Users/anton-w/delme/tftp \ -u \ anton-w ``` FIle exist, is executable , but does not do anything. ```zsh pkgutil --file-info /usr/libexec/tftpd # no package provides codesign -dv /usr/libexec/tftpd # has not authority csrutil authenticated-root status file /usr/libexec/tftpd mount | grep "sealed" ``` Go home.