Articles September 17, 2005 at 7:39 pm

Setting Up the TFTP Server in Tiger

As the networking infrastructure guy, I occasionally have the need to update hardware or backup settings using the TFTP protocol. I’ve noticed that there are plenty of good instructions for how to make this work with Panther, but almost none for Tiger. Tweaking TFTP in Panther required editing a file in /etc/xinetd.d/ that no longer exists in Tiger since xinetd has been deprecated in favor of launchd. No worries, however, because you can make TFTP work in Tiger; it’s just that the steps to get there are a bit different. It requires use of the Terminal, but you’re good enough, you’re smart enough, and… we’ll leave it at that.

Tiger starts the TFTP service based on settings specified in a file named /System/Library/LaunchDaemons/tftp.plist. That file contains the command to start the daemon and the optional switches associated with it. By default, the only switch in the plist file is “-i /private/tftpboot”, which is separated out into two individual program arguments, but is logically a single option. According to the man page for tftpd, the -i option means “Enable insecure mode, no realpath”. In all honesty, I’m not sure what that means precisely, but it sounds like no filesystem path is assigned to where TFTP can read and write files. We can fix that.

The first thing to do is make a backup copy of the original tftp.plist file because if bad things happen, we want the ability to start over clean. In the Terminal, copy it with this line:

<code>sudo cp /System/Library/LaunchDaemons/tftp.plist ~/Desktop</code>

Let the editing begin!

<code>sudo nano /System/Library/LaunchDaemons/tftp.plist</code>

Find this line:

<code>&lt;string&gt;-i&lt;/string&gt;</code>

and replace

<code>-i</code>

with

<code>-s</code>

Find this line:

<code>&lt;string&gt;/private/tftpboot&lt;/string&gt;</code>

and replace it with

<code>&lt;string&gt;/path/where/you/want/files/saved&lt;/string&gt;</code>

(/Users/yourname/Public might be a good choice.)

Press control-x to exit and save the plist file.

Start up the TFTP server:

<code>sudo service tftp start</code>

If you’re using Mac OS X’s built-in firewall, be sure to open UDP port 69.

TFTP is a purposely dumb protocol. It requires no authentication, so it can’t create files and can only write to files that are publicly writable. So before any data can be saved via TFTP to a file, that file has to be created and made publicly writable at the local machine by the user.

To create a file:

<code>touch /path/to/file.name</code>

And then to make it publicly writable:

<code>chmod 777 /path/to/file.name</code>
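
An added example (not from the original article) that wraps the two steps above in shell functions: `open_slot` creates the empty file inside the TFTP root and makes it world-writable with mode 666 rather than 777, since a data file does not need the execute bits, and `close_slot` removes world access once the upload is done. The function names and the `TFTP_ROOT` variable are assumptions for illustration; set `TFTP_ROOT` to the directory given to tftpd in the plist.

```sh
#!/bin/sh
# Added example: function names and TFTP_ROOT are assumptions, not from the article.
# TFTP_ROOT is the directory handed to tftpd (the path after -s in tftp.plist).
TFTP_ROOT="${TFTP_ROOT:-/private/tftpboot}"

# check_name NAME: accept only a plain file name that stays inside TFTP_ROOT.
check_name() {
    case "$1" in
        ""|*/*|.*) echo "refusing unsafe name: '$1'" >&2; return 1 ;;
    esac
}

# open_slot NAME: pre-create the empty, world-writable file tftpd will write to.
open_slot() {
    check_name "$1" || return 1
    target="$TFTP_ROOT/$1"
    # A symlink here would make a file outside the TFTP root world-writable.
    if [ -L "$target" ]; then
        echo "refusing symlink: $target" >&2; return 1
    fi
    # Do not reopen (and truncate) a file that already holds an upload.
    if [ -s "$target" ]; then
        echo "refusing non-empty file: $target" >&2; return 1
    fi
    : > "$target" || return 1
    chmod 666 "$target"   # read/write for everyone, no execute bits
}

# close_slot NAME: remove world access once the device has finished uploading.
close_slot() {
    check_name "$1" || return 1
    target="$TFTP_ROOT/$1"
    if [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "not a regular file: $target" >&2; return 1
    fi
    chmod 600 "$target"   # owner only; world-read and world-write bits cleared
}
```

Typical use is `open_slot switch1.cfg`, then the copy from the device, then `close_slot switch1.cfg`.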

After a hard day of TFTPing, the service can be stopped with:

<code>sudo service tftp stop</code>

No Comments

  • I haven’t used NetBoot or NetRestore, so I’ll have to defer to someone more
    knowledgeable to provide an answer.


    http://www.aaronadams.net
    My two-bit, half-assed opinion concerning whatever it is I feel like writing about.

  • Yes, the default settings are necessary for NetBoot to work. Changing TFTP
    in this way will break NetBoot.

    If you want to use both at the same time you can just put your files in
    the original TFTP root.


    Changing the world, one server at a time.

    Joel Rennich
    http://www.afp548.com

    • Ah! That explains why the string for the root is /private/tftpboot by default. I’m
      not a Netboot user, so that detail escaped me.

      Would you happen to know the effect of the -i switch? As I stated in the article,
      it wasn’t clear to me what this did. I find the wording in the man page confusing.


      http://www.aaronadams.net
      My two-bit, half-assed opinion concerning whatever it is I feel like writing about.

  • “TFTP is a purposely dumb protocol. It requires no authentication, so it can’t
    create files and can only write to files that are publicly writable. So before any
    data can be saved via TFTP to a file, that file has to be created and made publicly
    writable at the local machine by the user.”

    So, does that mean that I’d have to $touch file.name on the
    tftp server before saving a config from, for instance a Cisco switch/router or
    would saving directly from the Switch (i.e #copy run tftp) be
    possible?

    • That is correct. You need to touch the file and then chmod 777 it before you
      try to transfer it from your Cisco device. Saving it directly from the switch
      will cause the operation to fail.


      http://www.aaronadams.net
      My two-bit, half-assed opinion concerning whatever it is I feel like writing about.

      • Sorry to harp on, but I may actually want to implement this one day.

        I’m actually on my ICND course now (should be listening to the instructor,
        dammit!) and we’re able to save to the tftp server from the Switch/Router
        without touching the file first. I assume this is due to a ‘special’ version of tftp
        running on the Windows box then?

        • That may be. It’s entirely possible that the TFTP server software you’re using
          creates the file on its own with your login name on the machine as the creator.
          The TFTP daemon for OS X, however, doesn’t.


          http://www.aaronadams.net
          My two-bit, half-assed opinion concerning whatever it is I feel like writing about.

  • Rather than using the service command to fire up tftpd I would use launchctl to load the job into launchd.

    sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist


    Breaking my server to save yours.

    Josh Wisenbaker
    http://www.afp548.com
