Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
rcp(1)				 User Commands				rcp(1)

       rcp - remote file copy

       rcp [-p]	[-a] [-x] [-PN | -PO]  [-k realm] filename1 filename2

       rcp [-pr] [-a] [-x] [-PN	| -PO]	[-k realm] filename... directory

       The  rcp	command	copies files between machines. Each filename or	direc-
       tory argument is	either a remote	file name of the form:


       or a local file name (containing	no  ":"	 (colon)  characters,  or  "/"
       (backslash) before any ":" (colon) characters).

       The  hostname  can  be an IPv4 or IPv6 address string. See inet(7P) and
       inet6(7P). Since	IPv6 addresses already contain	colons,	 the  hostname
       should be enclosed in a pair of square brackets when an IPv6 address is
       used. Otherwise,	the first occurrence of	a colon	can be interpreted  as
       the separator between hostname and path.	For example,


       If  a  filename	is not a full path name, it is interpreted relative to
       your home directory on hostname.	A path on a remote host	may be	quoted
       using  \, ", or ', so that the metacharacters are interpreted remotely.
       Please notice that the kerberized versions of rcp are not IPv6-enabled.

       rcp  does not prompt for	passwords. It either uses Kerberos authentica-
       tion which is enabled through  command-line  options  or	 your  current
       local  user name	must exist on hostname and allow remote	command	execu-
       tion by rsh(1).

       The rcp session can be kerberized using any of the  following  Kerberos
       specific	 options  :  -a,  -PN  or -PO, -x, and -k realm. Some of these
       options (-x and -PN or -PO) can also be specified in the	 [appdefaults]
       section	of  krb5.conf(4).  The usage of	these options and the expected
       behavior	is discussed in	the OPTIONS section below. If Kerberos authen-
       tication	 is  used, authorization to the	account	is controlled by rules
       in krb5_auth_rules(5).  If this authorization fails, fallback to	normal
       rcp  using  rhosts will occur only if the -PO option is used explicitly
       on the command line or is specified in krb5.conf(4).  If	 authorization
       succeeds,  remote copy succeeds without any prompting of	password. Also
       notice that the -PN or -PO, -x, and -k realm options are	just supersets
       of the -a option.

       rcp  handles  third party copies, where neither source nor target files
       are on the current machine. Hostnames may also take the form


       to use username rather than your	current	local user name	 as  the  user
       name  on	 the remote host. rcp also supports Internet domain addressing
       of the remote host, so that:


       specifies the username to be used, the  hostname,  and  the  domain  in
       which  that  host resides. File names that are not full path names will
       be interpreted relative to the home directory of	the user  named	 user-
       name, on	the remote host.

       The following options are supported:

       -a	       This  option explicitly enables Kerberos	authentication
		       and trusts the .k5login file for	access-control.	If the
		       authorization  check  by	in.rshd(1M) on the server-side
		       succeeds	and if the .k5login file permits  access,  the
		       user is allowed to carry	out the	rcp transfer.

       -k realm	       Causes  rcp  to	obtain	tickets	for the	remote host in
		       realm instead of	the remote host's realm	as  determined
		       by krb5.conf(4).

       -p	       Attempts	to give	each copy the same modification	times,
		       access times, modes, and	 ACLs  if  applicable  as  the
		       original	file.

       -PO	       Explicitly  requests  new (-PN) or old (-PO) version of
       -PN	       the Kerberos "rcmd" protocol. The new  protocol	avoids
		       many  security problems prevalant in the	old one	and is
		       regarded	much more secure,  but	is  not	 interoperable
		       with older (MIT/SEAM) servers. The new protocol is used
		       by default, unless  explicitly  specified  using	 these
		       options or through krb5.conf(4).	If Kerberos authoriza-
		       tion fails when using the old "rcmd" protocol, there is
		       fallback	 to  regular,  non-kerberized rcp. This	is not
		       the case	when the new, more secure "rcmd"  protocol  is

       -r	       Copies  each  subtree  rooted at	filename; in this case
		       the destination must be a directory.

       -x	       Causes the information transferred between hosts	to  be
		       encrypted.  Notice that the command is sent unencrypted
		       to the remote  system.  All  subsequent	transfers  are

       See  largefile(5)  for  the  description	 of  the  behavior of rcp when
       encountering files greater than or equal	to 2 Gbyte ( 2**31 bytes).

       The rcp command is IPv6-enabled.	See ip6(7P).  IPv6  is	not  currently
       supported with Kerberos V5 authentication.

       For the kerberized rcp session, each user may have a private authoriza-
       tion list in a file .k5login in their home directory. Each line in this
       file  should  contain  a	 Kerberos  principal  name of the form princi-
       pal/instance@realm. If there is	a  ~/.k5login  file,  then  access  is
       granted	to the account if and only if the originater user is authenti-
       cated to	one of the principals named in the ~/.k5login file. Otherwise,
       the  originating	user will be granted access to the account if and only
       if the authenticated principal name of the user can be  mapped  to  the
       local  account  name  using  the	authenticated-principal-name ->	local-
       user-name mapping rules.	The .k5login file (for access  control)	 comes
       into play only when Kerberos authentication is being done.

       The following exit values are returned:

       0	All files were copied successfully.

       >0	An error occurred.

       See the NOTES section for caveats on the	exit code.


       $HOME/.k5login		       File   containing  Kerberos  principals
				       that are	allowed	access

       /etc/krb5/krb5.conf	       Kerberos	configuration file

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWrcmdc			   |
       |CSI			     |Enabled			   |

       cpio(1),	 ftp(1),  rlogin(1),  rsh(1),  setfacl(1),   tar(1),   tar(1),
       in.rshd(1M),    hosts.equiv(4),	 krb5.conf(4),	attributes(5),	large-
       file(5),	krb5_auth_rules(5), inet(7P), inet6(7P), ip6(7P)

       rcp is meant to copy between different hosts. Attempting	to rcp a  file
       onto itself, as with:

       example%	rcp tmp/file myhost:/tmp/file

       results in a severely corrupted file.

       rcp  may	not correctly fail when	the target of a	copy is	a file instead
       of a directory.

       rcp  can	 become	 confused  by  output  generated  by  commands	in   a
       $HOME/.profile on the remote host.

       rcp  requires  that the source host have	permission to execute commands
       on the remote host when doing third-party copies.

       rcp does	not properly handle symbolic links. Use	tar or cpio  piped  to
       rsh to obtain remote copies of directories containing symbolic links or
       named pipes. See	tar(1) and cpio(1).

       If you forget to	quote metacharacters intended for the remote host, you
       will get	an incomprehensible error message.

       rcp  will  fail if you copy ACLs	to a file system that does not support

       rcp is CSI-enabled except for the handling of username,	hostname,  and

       When  rcp  is  used  to	perform	third-party copies where either	of the
       remote machines is not running Solaris, the exit	code cannot be	relied
       upon. That is, errors could occur when success is reflected in the exit
       code, or	the copy could be completely successful	even though  an	 error
       is reflected in the exit	code.

SunOS 5.10			  14 May 2003				rcp(1)


Want to link to this manual page? Use this URL:

home | help