Tweak Tiger's TFTP
Volume Number: 22 (2006)
Issue Number: 5
Column Tag: Programming
by Aaron Adams
As the networking infrastructure guy, I occasionally have the need to update hardware or back up settings using the TFTP protocol. Tweaking TFTP in Panther required editing a file in /etc/xinetd.d/ that no longer exists in Tiger since xinetd has been deprecated in favor of launchd. No worries, however, because you can make TFTP work in Tiger. It's just that the steps to get there are a bit different. It requires use of the Terminal, but you're good enough, you're smart enough, and... we'll just leave it at that.
Tiger starts the TFTP service based on settings specified in the file /System/Library/LaunchDaemons/tftp.plist. That file contains the command to start the daemon and the optional switches associated with it. By default, the only switch in the plist file is -i /private/tftpboot, which is separated out into two individual program arguments, but is logically a single option. According to the man page for tftpd, the -i option means "Enable insecure mode, no realpath". In all honesty, I'm not sure what that means precisely, but it sounds like no filesystem path is assigned to where TFTP can read and write files. We can fix that.
The first thing to do is make a backup copy of the original tftp.plist file because if bad things happen, we want the ability to start over clean. In the Terminal, copy it with this line:
sudo cp /System/Library/LaunchDaemons/tftp.plist ~/Desktop
Let the editing begin!
sudo nano /System/Library/LaunchDaemons/tftp.plist
Find this line:
<string>-i</string>
and replace -i with -s.
Find this line:
<string>/private/tftpboot</string>
and replace it with
<string>/path/where/you/want/files/saved</string>
(/Users/yourname/Public might be a good choice.)
Press control-x to exit and save the plist file.
Start up the TFTP server:
sudo service tftp start
If you're using Mac OS X's built-in firewall, be sure to open UDP port 69.
TFTP is purposely a dumb protocol. It requires no authentication, so it can't create files and can only write to files that are publicly writable. So before any data can be saved via TFTP to a file, the user has to create that file on the local machine and make it publicly writable.
To create a file:
touch /path/to/file.name
And then to make it publicly writable:
chmod 777 /path/to/file.name
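The create-and-chmod steps above can be wrapped so that the public write bit is removed again once the transfer is done. This is an added example, not part of the original article: the function names and the TFTP_ROOT variable are assumptions, and it uses mode 666 rather than 777 because the upload only needs the write bit, not execute.

```shell
#!/bin/sh
# Added example (not from the original article): manage the publicly
# writable upload targets that tftpd requires, then audit the TFTP root.
# TFTP_ROOT is an assumed variable; point it at the directory given to -s.
TFTP_ROOT="${TFTP_ROOT:-/private/tftpboot}"

# Accept a bare file name only: nothing empty, no slashes, no "." or "..".
tftp_valid_name() {
    case "$1" in
        ""|*/*|.|..) return 1 ;;
    esac
    return 0
}

# Pre-create an empty upload target and make it publicly writable.
# Mode 666 sets the write bit without the execute bits that 777 adds.
tftp_open_slot() {
    tftp_valid_name "$1" || { echo "bad file name: $1" >&2; return 1; }
    # Do not touch or chmod through a symlink sitting in the root.
    [ -L "$TFTP_ROOT/$1" ] && { echo "refusing symlink: $1" >&2; return 1; }
    touch "$TFTP_ROOT/$1" && chmod 666 "$TFTP_ROOT/$1"
}

# After the transfer, drop public write so the file stays as received.
tftp_close_slot() {
    tftp_valid_name "$1" || return 1
    chmod 644 "$TFTP_ROOT/$1"
}

# List regular files under the root that anyone can still write to.
tftp_audit() {
    find "$TFTP_ROOT" -type f -perm -002 -print
}
```

Run tftp_open_slot before the device sends its file, tftp_close_slot once it has arrived, and tftp_audit before leaving the service running to confirm nothing is still open for writing.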
After a hard day of TFTPing, the service can be stopped with:
sudo service tftp stop
Aaron Adams