tftp and launchctl on MacOSX

I needed to upgrade the firmware in a Fortinet Firewall. That's done by pointing the Fortinet at a tftp server that has the new firmware image. Simple enough.. except where do I have a tftp server?

Well, not on my main Linux server, because it apparently isn't important enough to install on spec. I could of course go get it, but instead I took a look on my Mac. I honestly didn't expect to find it: I thought they might reserve that for the Server version of Mac OS X, but no, there it was, man page and all. The man page warns:

This server should not be started manually; instead, it should be run using launchd(8) using the plist /System/Library/LaunchDaemons/tftp.plist. It may be started using the launchctl(1) load command.

Well, I don't normally want tftpd running, so launchctl is the obvious choice. Fire that up with "sudo launchctl" and then type:

load -F /System/Library/LaunchDaemons/tftp.plist
 

Why "-F"? Because by default, the tftp.plist contains:

        <key>Disabled</key>
        <true/>
 

If you leave out -F, launchctl will say "nothing found to load", which isn't very helpful - what it really should say is "I can't load this because it's presently disabled". The -F forces it to ignore that little impediment..if you don't use sudo, it will say:

bind(): Permission denied
 

Assuming you had neither problem, some fraction of a second later, tftpd is ready to run (well, LaunchD is ready to listen for tftpd requests and start it up, but you get the idea). Where's your tftpd directory? Not in /tftpboot where you might expect to find it on a Unix system.. the tfpt.plist actually specifies the program arguments, and by default it looks like this:

        <key>ProgramArguments</key>
        <array>
                <string>/usr/libexec/tftpd</string>
                <string>-i</string>
                <string>/private/tftpboot</string>
        </array>
 

So "/private/tftpboot" is where you want to put the files to be accessed. When you are ready to shut tftp off, just tell launchctl:

unload /System/Library/LaunchDaemons/tftp.plist
 

If you did want tftpd to run all the time, you would use

load -w  /System/Library/LaunchDaemons/tftp.plist
 

That changes the "Disabled" key so that the file now has this:

        <key>InitGroups</key>
        <true/>
 

"tftpd" would now be enabled at each boot. Should you later change your mind, "unload -w /System/Library/LaunchDaemons/tftp.plist" will put things back as they were.

Take Control of Your Domain Names

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.