As the networking infrastructure guy, I occasionally have the need to update hardware or back up settings using the TFTP protocol. I’ve noticed that there are plenty of good instructions for how to make this work with Panther, but almost none for Tiger.
Tweaking TFTP in Panther required editing a file in /etc/xinetd.d/ that no longer exists in Tiger since xinetd has been deprecated in favor of launchd. No worries, however, because you can make TFTP work in Tiger; it’s just that the steps to get there are a bit different. It requires use of the Terminal, but you’re good enough, you’re smart enough, and… we’ll leave it at that.
Tiger starts the TFTP service based on settings specified in a file named /System/Library/LaunchDaemons/tftp.plist. That file contains the command to start the daemon and the optional switches associated with it. By default, the only switch in the plist file is “-i /private/tftpboot”, which is separated out into two individual program arguments, but is logically a single option. According to the man page for tftpd, the -i option means “Enable insecure mode, no realpath”. In all honesty, I’m not sure what that means precisely, but it sounds like no filesystem path is assigned to where TFTP can read and write files. We can fix that.
The first thing to do is make a backup copy of the original tftp.plist file because if bad things happen, we want the ability to start over clean. In the Terminal, copy it with this line:
<code>sudo cp /System/Library/LaunchDaemons/tftp.plist ~/Desktop</code>
Let the editing begin!
<code>sudo nano /System/Library/LaunchDaemons/tftp.plist </code>
Find this line:
<code><string>-i</string></code>
and replace <code>-i</code> with <code>-s</code>
Find this line:
<code><string>/private/tftpboot</string></code>
and replace it with
<code><string>/path/where/you/want/files/saved</string></code>
(/Users/yourname/Public might be a good choice.)
Press control-x to exit and save the plist file.
Start up the TFTP server:
<code>sudo service tftp start</code>
If you’re using Mac OS X’s built-in firewall, be sure to open UDP port 69.
TFTP is a purposely dumb protocol. It requires no authentication, so it can’t create files and can only write to files that are publicly writable. So before any data can be saved via TFTP to a file, that file has to be created and made publicly writable at the local machine by the user.
To create a file:
<code>touch /path/to/file.name</code>
And then to make it publicly writable:
<code>chmod 777 /path/to/file.name</code>
After a hard day of TFTPing, the service can be stopped with:
<code>sudo service tftp stop</code>
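The plist edit above, done non-interactively against a scratch copy, followed by a check of which files in the new root carry the world-write bit and can therefore be overwritten by any TFTP client. This is an added example, not part of the original article; the function names, the plist fragment (including the daemon path) and the file names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article. It only touches scratch copies.

# Copy a tftp.plist with "-i" changed to "-s" and the root path replaced.
# $1 = source plist, $2 = output plist, $3 = new root (absolute, existing)
retarget_tftp_plist() {
    case $3 in
        /*) ;;
        *) echo "root must be an absolute path" >&2; return 1 ;;
    esac
    case $3 in   # keep the path safe to splice into sed and XML
        *[!A-Za-z0-9/._-]*) echo "unsupported character in root" >&2; return 1 ;;
    esac
    [ -d "$3" ] || { echo "not a directory: $3" >&2; return 1; }
    sed -e 's|<string>-i</string>|<string>-s</string>|' \
        -e "s|<string>/private/tftpboot</string>|<string>$3</string>|" \
        "$1" > "$2" || return 1
    # Both substitutions must have landed and no "-i" may remain.
    grep -q '<string>-s</string>' "$2" || return 1
    grep -qF "<string>$3</string>" "$2" || return 1
    if grep -q '<string>-i</string>' "$2"; then return 1; fi
}

# Print the regular files under the TFTP root that carry the world-write bit,
# which is what "chmod 777" sets: these are what a client can overwrite.
writable_targets() {
    find "$1" -type f -perm -0002 -print | sort
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/tftproot"
    # Constructed fragment holding only the lines the article edits.
    cat > "$work/tftp.plist" <<'EOF'
<array>
	<string>/usr/libexec/tftpd</string>
	<string>-i</string>
	<string>/private/tftpboot</string>
</array>
EOF
    retarget_tftp_plist "$work/tftp.plist" "$work/new.plist" "$work/tftproot" || return 1
    touch "$work/tftproot/switch-config" "$work/tftproot/firmware.bin"
    chmod 777 "$work/tftproot/switch-config"   # upload target, as in the article
    chmod 644 "$work/tftproot/firmware.bin"    # download only
    cat "$work/new.plist"
    writable_targets "$work/tftproot"
    rm -rf "$work"
}
demo
```

Running `writable_targets` against the real root after each transfer session shows which upload targets are still left open.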
I haven’t used NetBoot or NetRestore, so I’ll have to defer to someone more
knowledgeable to provide an answer.
—
http://www.aaronadams.net
My two-bit, half-assed opinion concerning whatever it is I feel like writing about.
Yes, the default settings are necessary for NetBoot to work. Changing TFTP
in this way will break NetBoot.
If you want to use both at the same time you can just put your files in
the original TFTP root.
—
Changing the world, one server at a time.
Joel Rennich
http://www.afp548.com
Ah! That explains why the string for the root is /private/tftpboot by default. I’m
not a Netboot user, so that detail escaped me.
Would you happen to know the effect of the -i switch? As I stated in the article,
it wasn’t clear to me what this did. I find the wording in the man page confusing.
—
http://www.aaronadams.net
My two-bit, half-assed opinion concerning whatever it is I feel like writing about.
“TFTP is a purposely dumb protocol. It requires no authentication, so it can’t
create files and can only write to files that are publicly writable. So before any
data can be saved via TFTP to a file, that file has to be created and made publicly
writable at the local machine by the user.”
So, does that mean that I’d have to <code>$touch file.name</code> on the tftp server before saving a config from, for instance, a Cisco switch/router, or would saving directly from the Switch (i.e. <code>#copy run tftp</code>) be possible?
That is correct. You need to <code>touch</code> the file and then <code>chmod</code> it <code>777</code> before you try to transfer it from your Cisco device. Saving it directly from the switch will cause the operation to fail.
—
http://www.aaronadams.net
My two-bit, half-assed opinion concerning whatever it is I feel like writing about.
Sorry to harp on, but I may actually want to implement this one day.
I’m actually on my ICND course now (should be listening to the instructor,
dammit!) and we’re able to save to the tftp server from the Switch/Router
without touching the file first. I assume this is due to a ‘special’ version of tftp
running on the Windows box then?
That may be. It’s entirely possible that the TFTP server software you’re using
creates the file on its own with your login name on the machine as the creator.
The TFTP daemon for OS X, however, doesn’t.
—
http://www.aaronadams.net
My two-bit, half-assed opinion concerning whatever it is I feel like writing about.
Rather than using the service command to fire up tftpd I would use launchctl to load the job into launchd.
<code>sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist</code>
—
Breaking my server to save yours.
Josh Wisenbaker
http://www.afp548.com