Native TFTP and FTP Server in OSX

As a System Engineer, I do occasionally have to do real field work. When that happens, having access to a TFTP and FTP server is sometimes required. Although the [lack of] UI makes the use counterintuitive, these tools are available in OSX. This post includes the commands required to enable, confirm, and disable both TFTP and FTP in the native Mac environment.

TFTP Server

//load the TFTP daemon (typically starts automatically)
sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

//confirm that TFTP is listening (netstat)
netstat -atp UDP | grep tftp
--output--
udp6       0      0  *.tftp                 *.*   //IPv6 Listening                         
udp4       0      0  *.tftp                 *.*   //IPv4 Listening     

//unload the TFTP daemon
sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist

//confirm that TFTP is no longer listening (netstat)
netstat -atp UDP | grep tftp
--no output--

TFTP Caveats

  • Default Directory is /private/tftpboot
  • Copying a file from a device to the TFTP server requires it be “pre” created (Hint: sudo touch /private/tftpboot/<filename>)
  • File permissions typically need to be modified (Hint: sudo chmod 766 /private/tftpboot/*)
  • I just use my TFTP directory for transient file transfers

FTP Server

//load the FTP daemon (typically starts automatically)
sudo launchctl load -w /System/Library/LaunchDaemons/ftp.plist

//confirm that FTP is listening (netstat)
netstat -atp TCP | grep ftp
--output--
tcp6       0      0  *.ftp       *.*           LISTEN     
tcp4       0      0  *.ftp       *.*           LISTEN     

//unload the FTP daemon
sudo launchctl unload -w /System/Library/LaunchDaemons/ftp.plist

//confirm that FTP is no longer listening
netstat -atp TCP | grep ftp
--no output--

FTP Notes

  • FTP access is provided to created users
  • Directory is the default user directory
  • Create a low value account for a transient ftp directory (ftp is plain text)
  • Quickly access directory  — cd ~ftpuser (where ftpuser is <username>)

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in How-To. Bookmark the permalink.

3 Responses to Native TFTP and FTP Server in OSX

  1. Hanna Miller says:

    FTP has several of security risks. Binfer is a more secure alternative. See FTP alternative.

    • Paul Stewart, CCIE 26009 (Security) says:

      FTP is insecure and is a challenge for production environments. The use cases outlined here are corner cases employed by network engineers.

  2. Aaron Dhiman says:

    Thank You for the CAVEATS section…didn’t know you had to sudo touch first.

Comments are closed.