rcp(1) User Commands rcp(1)
rcp - remote file copy
rcp [-p] [-a] [-x] [-PN | -PO] [-k realm] filename1 filename2
rcp [-pr] [-a] [-x] [-PN | -PO] [-k realm] filename... directory
The rcp command copies files between machines. Each filename or direc-
tory argument is either a remote file name of the form:
or a local file name (containing no ":" (colon) characters, or "/"
(backslash) before any ":" (colon) characters).
The hostname can be an IPv4 or IPv6 address string. See inet(7P) and
inet6(7P). Since IPv6 addresses already contain colons, the hostname
should be enclosed in a pair of square brackets when an IPv6 address is
used. Otherwise, the first occurrence of a colon can be interpreted as
the separator between hostname and path. For example,
If a filename is not a full path name, it is interpreted relative to
your home directory on hostname. A path on a remote host may be quoted
using \, ", or ', so that the metacharacters are interpreted remotely.
Please notice that the kerberized versions of rcp are not IPv6-enabled.
rcp does not prompt for passwords. It either uses Kerberos authentica-
tion which is enabled through command-line options or your current
local user name must exist on hostname and allow remote command execu-
tion by rsh(1).
The rcp session can be kerberized using any of the following Kerberos
specific options : -a, -PN or -PO, -x, and -k realm. Some of these
options (-x and -PN or -PO) can also be specified in the [appdefaults]
section of krb5.conf(4). The usage of these options and the expected
behavior is discussed in the OPTIONS section below. If Kerberos authen-
tication is used, authorization to the account is controlled by rules
in krb5_auth_rules(5). If this authorization fails, fallback to normal
rcp using rhosts will occur only if the -PO option is used explicitly
on the command line or is specified in krb5.conf(4). If authorization
succeeds, remote copy succeeds without any prompting of password. Also
notice that the -PN or -PO, -x, and -k realm options are just supersets
of the -a option.
rcp handles third party copies, where neither source nor target files
are on the current machine. Hostnames may also take the form
to use username rather than your current local user name as the user
name on the remote host. rcp also supports Internet domain addressing
of the remote host, so that:
specifies the username to be used, the hostname, and the domain in
which that host resides. File names that are not full path names will
be interpreted relative to the home directory of the user named user-
name, on the remote host.
The following options are supported:
-a This option explicitly enables Kerberos authentication
and trusts the .k5login file for access-control. If the
authorization check by in.rshd(1M) on the server-side
succeeds and if the .k5login file permits access, the
user is allowed to carry out the rcp transfer.
-k realm Causes rcp to obtain tickets for the remote host in
realm instead of the remote host's realm as determined
-p Attempts to give each copy the same modification times,
access times, modes, and ACLs if applicable as the
-PO Explicitly requests new (-PN) or old (-PO) version of
-PN the Kerberos "rcmd" protocol. The new protocol avoids
many security problems prevalant in the old one and is
regarded much more secure, but is not interoperable
with older (MIT/SEAM) servers. The new protocol is used
by default, unless explicitly specified using these
options or through krb5.conf(4). If Kerberos authoriza-
tion fails when using the old "rcmd" protocol, there is
fallback to regular, non-kerberized rcp. This is not
the case when the new, more secure "rcmd" protocol is
-r Copies each subtree rooted at filename; in this case
the destination must be a directory.
-x Causes the information transferred between hosts to be
encrypted. Notice that the command is sent unencrypted
to the remote system. All subsequent transfers are
See largefile(5) for the description of the behavior of rcp when
encountering files greater than or equal to 2 Gbyte ( 2**31 bytes).
The rcp command is IPv6-enabled. See ip6(7P). IPv6 is not currently
supported with Kerberos V5 authentication.
For the kerberized rcp session, each user may have a private authoriza-
tion list in a file .k5login in their home directory. Each line in this
file should contain a Kerberos principal name of the form princi-
pal/instance@realm. If there is a ~/.k5login file, then access is
granted to the account if and only if the originater user is authenti-
cated to one of the principals named in the ~/.k5login file. Otherwise,
the originating user will be granted access to the account if and only
if the authenticated principal name of the user can be mapped to the
local account name using the authenticated-principal-name -> local-
user-name mapping rules. The .k5login file (for access control) comes
into play only when Kerberos authentication is being done.
The following exit values are returned:
0 All files were copied successfully.
>>0 An error occurred.
See the NOTES section for caveats on the exit code.
$HOME/.k5login File containing Kerberos principals
that are allowed access
/etc/krb5/krb5.conf Kerberos configuration file
See attributes(5) for descriptions of the following attributes:
tab() allbox; cw(2.750000i)| cw(2.750000i) lw(2.750000i)|
lw(2.750000i). ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWrcmdc
cpio(1), ftp(1), rlogin(1), rsh(1), setfacl(1), tar(1), tar(1),
in.rshd(1M), hosts.equiv(4), krb5.conf(4), attributes(5), large-
file(5), krb5_auth_rules(5), inet(7P), inet6(7P), ip6(7P)
rcp is meant to copy between different hosts. Attempting to rcp a file
onto itself, as with:
example% rcp tmp/file myhost:/tmp/file
results in a severely corrupted file.
rcp may not correctly fail when the target of a copy is a file instead
of a directory.
rcp can become confused by output generated by commands in a
$HOME/.profile on the remote host.
rcp requires that the source host have permission to execute commands
on the remote host when doing third-party copies.
rcp does not properly handle symbolic links. Use tar or cpio piped to
rsh to obtain remote copies of directories containing symbolic links or
named pipes. See tar(1) and cpio(1).
If you forget to quote metacharacters intended for the remote host, you
will get an incomprehensible error message.
rcp will fail if you copy ACLs to a file system that does not support
rcp is CSI-enabled except for the handling of username, hostname, and
When rcp is used to perform third-party copies where either of the
remote machines is not running Solaris, the exit code cannot be relied
upon. That is, errors could occur when success is reflected in the exit
code, or the copy could be completely successful even though an error
is reflected in the exit code.
SunOS 5.10 14 May 2003 rcp(1)