Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

rcp(1)                           User Commands                          rcp(1)

       rcp - remote file copy

       rcp [-p] [-a] [-x] [-PN | -PO]  [-k realm] filename1 filename2

       rcp [-pr] [-a] [-x] [-PN | -PO]  [-k realm] filename... directory

       The  rcp command copies files between machines. Each filename or direc-
       tory argument is either a remote file name of the form:


       or a local file name (containing no  ":"  (colon)  characters,  or  "/"
       (backslash) before any ":" (colon) characters).

       The  hostname  can  be an IPv4 or IPv6 address string. See inet(7P) and
       inet6(7P). Since IPv6 addresses already contain  colons,  the  hostname
       should be enclosed in a pair of square brackets when an IPv6 address is
       used. Otherwise, the first occurrence of a colon can be interpreted  as
       the separator between hostname and path. For example,


       If  a  filename  is not a full path name, it is interpreted relative to
       your home directory on hostname. A path on a remote host may be  quoted
       using  \, ", or ', so that the metacharacters are interpreted remotely.
       Please notice that the kerberized versions of rcp are not IPv6-enabled.

       rcp does not prompt for passwords. It either uses Kerberos  authentica-
       tion  which  is  enabled  through  command-line options or your current
       local user name must exist on hostname and allow remote command  execu-
       tion by rsh(1).

       The  rcp  session can be kerberized using any of the following Kerberos
       specific options : -a, -PN or -PO, -x, and  -k  realm.  Some  of  these
       options  (-x and -PN or -PO) can also be specified in the [appdefaults]
       section of krb5.conf(4). The usage of these options  and  the  expected
       behavior is discussed in the OPTIONS section below. If Kerberos authen-
       tication is used, authorization to the account is controlled  by  rules
       in krb5_auth_rules(5).  If this authorization fails, fallback to normal
       rcp using rhosts will occur only if the -PO option is  used  explicitly
       on  the  command line or is specified in krb5.conf(4). If authorization
       succeeds, remote copy succeeds without any prompting of password.  Also
       notice that the -PN or -PO, -x, and -k realm options are just supersets
       of the -a option.

       rcp handles third party copies, where neither source nor  target  files
       are on the current machine. Hostnames may also take the form


       to  use  username  rather than your current local user name as the user
       name on the remote host. rcp also supports Internet  domain  addressing
       of the remote host, so that:


       specifies  the  username  to  be  used, the hostname, and the domain in
       which that host resides. File names that are not full path  names  will
       be  interpreted  relative to the home directory of the user named user-
       name, on the remote host.

       The following options are supported:

       -a              This option explicitly enables Kerberos  authentication
                       and trusts the .k5login file for access-control. If the
                       authorization check by in.rshd(1M) on  the  server-side
                       succeeds  and  if the .k5login file permits access, the
                       user is allowed to carry out the rcp transfer.

       -k realm        Causes rcp to obtain tickets for  the  remote  host  in
                       realm  instead of the remote host's realm as determined
                       by krb5.conf(4).

       -p              Attempts to give each copy the same modification times,
                       access  times,  modes,  and  ACLs  if applicable as the
                       original file.

       -PO             Explicitly requests new (-PN) or old (-PO)  version  of
       -PN             the  Kerberos  "rcmd" protocol. The new protocol avoids
                       many security problems prevalant in the old one and  is
                       regarded  much  more  secure,  but is not interoperable
                       with older (MIT/SEAM) servers. The new protocol is used
                       by  default,  unless  explicitly  specified using these
                       options or through krb5.conf(4). If Kerberos authoriza-
                       tion fails when using the old "rcmd" protocol, there is
                       fallback to regular, non-kerberized rcp.  This  is  not
                       the  case  when the new, more secure "rcmd" protocol is

       -r              Copies each subtree rooted at filename;  in  this  case
                       the destination must be a directory.

       -x              Causes  the information transferred between hosts to be
                       encrypted. Notice that the command is sent  unencrypted
                       to  the  remote  system.  All  subsequent transfers are

       See largefile(5) for the  description  of  the  behavior  of  rcp  when
       encountering files greater than or equal to 2 Gbyte ( 2**31 bytes).

       The  rcp  command  is  IPv6-enabled. See ip6(7P). IPv6 is not currently
       supported with Kerberos V5 authentication.

       For the kerberized rcp session, each user may have a private authoriza-
       tion list in a file .k5login in their home directory. Each line in this
       file should contain a Kerberos  principal  name  of  the  form  princi-
       pal/instance@realm.  If  there  is  a  ~/.k5login  file, then access is
       granted to the account if and only if the originater user is  authenti-
       cated to one of the principals named in the ~/.k5login file. Otherwise,
       the originating user will be granted access to the account if and  only
       if  the  authenticated  principal name of the user can be mapped to the
       local account name using  the  authenticated-principal-name  ->  local-
       user-name  mapping  rules. The .k5login file (for access control) comes
       into play only when Kerberos authentication is being done.

       The following exit values are returned:

       0        All files were copied successfully.

       >>0       An error occurred.

       See the NOTES section for caveats on the exit code.


       $HOME/.k5login                  File  containing  Kerberos   principals
                                       that are allowed access

       /etc/krb5/krb5.conf             Kerberos configuration file

       See attributes(5) for descriptions of the following attributes:

       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).   ATTRIBUTE  TYPEATTRIBUTE  VALUE  AvailabilitySUNWrcmdc

       cpio(1),   ftp(1),   rlogin(1),  rsh(1),  setfacl(1),  tar(1),  tar(1),
       in.rshd(1M),   hosts.equiv(4),  krb5.conf(4),   attributes(5),   large-
       file(5), krb5_auth_rules(5), inet(7P), inet6(7P), ip6(7P)

       rcp  is meant to copy between different hosts. Attempting to rcp a file
       onto itself, as with:

       example% rcp tmp/file myhost:/tmp/file

       results in a severely corrupted file.

       rcp may not correctly fail when the target of a copy is a file  instead
       of a directory.

       rcp   can  become  confused  by  output  generated  by  commands  in  a
       $HOME/.profile on the remote host.

       rcp requires that the source host have permission to  execute  commands
       on the remote host when doing third-party copies.

       rcp  does  not properly handle symbolic links. Use tar or cpio piped to
       rsh to obtain remote copies of directories containing symbolic links or
       named pipes. See tar(1) and cpio(1).

       If you forget to quote metacharacters intended for the remote host, you
       will get an incomprehensible error message.

       rcp will fail if you copy ACLs to a file system that does  not  support

       rcp  is  CSI-enabled except for the handling of username, hostname, and

       When rcp is used to perform third-party  copies  where  either  of  the
       remote  machines is not running Solaris, the exit code cannot be relied
       upon. That is, errors could occur when success is reflected in the exit
       code,  or  the copy could be completely successful even though an error
       is reflected in the exit code.

SunOS 5.10                        14 May 2003                           rcp(1)