User Commands rcp(1)
NAME
rcp - remote file copy
SYNOPSIS
rcp [-p] [-a] [-K] [-x] [-PN | -PO] [-k realm] filename1 filename2
rcp [-pr] [-a] [-K] [-x] [-PN | -PO] [-k realm] filename... directory
DESCRIPTION
The rcp command copies files between machines. Each filename
or directory argument is either a remote file name of the form: hostname:path or a local file name (containing no : (colon) characters, or / (backslash) before any : (colon) characters). The hostname can be an IPv4 or IPv6 address string. See inet(7P) and inet6(7P). Since IPv6 addresses already contain colons, the hostname should be enclosed in a pair of square brackets when an IPv6 address is used. Otherwise, the first occurrence of a colon can be interpreted as the separator between hostname and path. For example, [1080::8:800:200C:417A]:tmp/file If a filename is not a full path name, it is interpreted relative to your home directory on hostname. A path on a remote host can be quoted using \, ", or ', so that the metacharacters are interpreted remotely. Please notice thatthe kerberized versions of rcp are not IPv6-enabled.
rcp does not prompt for passwords. It either uses Kerberos
authentication which is enabled through command-line options
or your current local user name must exist on hostname and allow remote command execution by rsh(1).The rcp session can be kerberized using any of the following
Kerberos specific options : -a, -PN or -PO, -x, and -k
realm. Some of these options (-a, -x and -PN or -PO) can
SunOS 5.11 Last change: 23 Dec 2008 1
User Commands rcp(1)
also be specified in the [appdefaults] section of krb5.conf(4). The usage of these options and the expectedbehavior is discussed in the OPTIONS section below. If Ker-
beros authentication is used, authorization to the accountis controlled by rules in krb5_auth_rules(5). If this
authorization fails, fallback to normal rcp using rhosts
occurs only if the -PO option is used explicitly on the com-
mand line or is specified in krb5.conf(4). If authorization succeeds, remote copy succeeds without any prompting ofpassword. Also notice that the -PN or -PO, -x, and -k realm
options are just supersets of the -a option.
rcp handles third party copies, where neither source nor
target files are on the current machine. Hostnames can also take the form username@hostname:filename to use username rather than your current local user name asthe user name on the remote host. rcp also supports Internet
domain addressing of the remote host, so that: username@host.domain:filename specifies the username to be used, the hostname, and the domain in which that host resides. File names that are notfull path names are interpreted relative to the home direc-
tory of the user named username, on the remote host. OPTIONS The following options are supported:-a This option explicitly enables Kerberos authen-
tication and trusts the .k5login file foraccess-control. If the authorization check by
in.rshd(1M) on the server-side succeeds and if
the .k5login file permits access, the user isallowed to carry out the rcp transfer.
-k realm Causes rcp to obtain tickets for the remote host
in realm instead of the remote host's realm as determined by krb5.conf(4).-K realm This option explicitly disables Kerberos authen-
tication. It canbe used to override theSunOS 5.11 Last change: 23 Dec 2008 2
User Commands rcp(1)
autologin variable inkrb5.conf(4).-p Attempts to give each copy the same modification
times, access times, modes, and ACLs if applica-
ble as the original file.-PO Explicitly requests new (-PN) or old (-PO) ver-
-PN sion of the Kerberos "rcmd" protocol. The new
protocol avoids many security problems prevalant in the old one and is regarded much more secure,but is not interoperable with older (MIT/SEAM) servers. The new protocol is used by default, unless explicitly specified using these options
or through krb5.conf(4). If Kerberos authoriza-
tion fails when using the old "rcmd" protocol,there is fallback to regular, non-kerberized
rcp. This is not the case when the new, more
secure "rcmd" protocol is used.-r Copies each subtree rooted at filename; in this
case the destination must be a directory.-x Causes the information transferred between hosts
to be encrypted. Notice that the command is sent unencrypted to the remote system. All subsequent transfers are encrypted.USAGE
See largefile(5) for the description of the behavior of rcp
when encountering files greater than or equal to 2 Gbyte ( 2^31 bytes).The rcp command is IPv6-enabled. See ip6(7P). IPv6 is not
currently supported with Kerberos V5 authentication.For the kerberized rcp session, each user can have a private
authorization list in a file .k5login in their home direc-
tory. Each line in this file should contain a Kerberos prin-
cipal name of the form principal/instance@realm. If there is a ~/.k5login file, then access is granted to the account if and only if the originater user is authenticated to one of the principals named in the ~/.k5login file. Otherwise, the originating user is granted access to the account if and only if the authenticated principal name of the user can bemapped to the local account name using the authenticated-
SunOS 5.11 Last change: 23 Dec 2008 3
User Commands rcp(1)
principal-name -> local-user-name mapping rules. The
.k5login file (for access control) comes into play only when Kerberos authentication is being done. EXIT STATUS The following exit values are returned: 0 All files were copied successfully. >0 An error occurred. See the NOTES section for caveats on the exit code. FILES$HOME/.profile
$HOME/.k5login File containing Kerberos principals
that are allowed access /etc/krb5/krb5.conf Kerberos configuration fileATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:_______________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|________________________________|
| Availability | service/network/network-clients|
|_____________________________|________________________________|
| CSI | Enabled ||_____________________________|________________________________|
SEE ALSO
cpio(1), ftp(1), rlogin(1), rsh(1), setfacl(1), tar(1),tar(1), in.rshd(1M), hosts.equiv(4), krb5.conf(4), attri-
butes(5), largefile(5), krb5_auth_rules(5), inet(7P),
inet6(7P), ip6(7P) NOTESrcp is meant to copy between different hosts. Attempting to
rcp a file onto itself, as with:
example% rcp tmp/file myhost:/tmp/file
SunOS 5.11 Last change: 23 Dec 2008 4
User Commands rcp(1)
results in a severely corrupted file.rcp might not correctly fail when the target of a copy is a
file instead of a directory.rcp can become confused by output generated by commands in a
$HOME/.profile on the remote host.
rcp requires that the source host have permission to execute
commands on the remote host when doing third-party copies.
rcp does not properly handle symbolic links. Use tar or cpio
piped to rsh to obtain remote copies of directories contain-
ing symbolic links or named pipes. See tar(1) and cpio(1). If you forget to quote metacharacters intended for the remote host, you get an incomprehensible error message.rcp fails if you copy ACLs to a file system that does not
support ACLs.rcp is CSI-enabled except for the handling of username,
hostname, and domain.When rcp is used to perform third-party copies where either
of the remote machines is not running Solaris, the exit codecannot be relied upon. That is, errors could occur when suc-
cess is reflected in the exit code, or the copy could be completely successful even though an error is reflected in the exit code.SunOS 5.11 Last change: 23 Dec 2008 5