Skip to main content

tftp on MacOS v26 (Tahoe)

Check is it available

ls /usr/libexec/tftpd

andcurrent configstatus

catnetstat /System/Library/LaunchDaemons/tftp.plist-f inet | grep tftp
lsof -iUDP:69
lsof -nPi | grep ":69"

Enable? itstop service

sudoexport s="system/com.apple.tftpd"
launchctl loadstop -w${s}
/System/Library/LaunchDaemons/tftp.plistlaunchctl
bootout

Verfiy${s} it

launchctl 
sudodisable ${s}
launchctl remove ${s}
launchctl list | grep tftp${s}

export f="/System/Library/LaunchDaemons/tftp.plist"
cat ${f} | grep com.apple.tftpd
cat ${f} | grep -i -A1 disabled

plutil -lint ${f}

check that service stopped, current status

netstat -f inet | grep tftp
lsof -iUDP:69
lsof -nPi | grep ":69"

Create override

export fov="/Library/LaunchDaemons/com.apple.tftpd.plist"
ls -la ${fov}
vi     ${fov}

Content

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Disabled</key>
    <false/>
</dict>
</plist>

Verify plist file

cat ${fov} | grep -i -A1 disabled
plutil -lint ${fov}

Enable override (start the service)

ls -la ${fov}
chown root:wheel ${fov}
chmod 644 ${fov}
ls -la ${fov}

export s="system/com.apple.tftpd"
launchctl stop ${s}
launchctl bootout ${s}
launchctl enable ${s}
launchctl bootstrap system ${s}


# launchctl load -wF ${f}
export f="/System/Library/LaunchDaemons/tftp.plist"

launchctl start ${s}
launchctl list ${s}
launchctl print ${s} | grep state

Verify that default TFTP root exists

ls -la /private/tftpboot

Create if missing

sudo mkdir -p /private/tftpboot
sudo chmod 777 /private/tftpboot

Verify tftp is listening on

netstat -f inet | grep tftp
netstat -an | grep "*.69"
netstat -atp UDP | grep tftp
lsof -iUDP:69
lsof -nPi | grep ":69"

Check state firewall

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

if needed, create a rule to allow

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/tftpd
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/libexec/tftpd

I am using Little Snitch, thus my native firewall is disabled.

TFTP daemon is set up and ready to receive/transmit files.

enhancement on placing TFTP root dir to home directory

cd /private/
sudo rm -rf tftpboot
mkdir /Users/myuser/tftpboot
sudo ln -s /Users/myuser/tftpboot tftpboot
sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist
sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

troubleshooting

log stream         --style syslog --predicate 'process == "launchctl"'
log stream         --style syslog --predicate 'subsystem == "com.apple.xpc.launchctl"'
log show --last 5m --style syslog --predicate 'subsystem == "com.apple.xpc.launchctl"'
Back to top