Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
rcp(1)				 User Commands				rcp(1)

       rcp - remote file copy

       rcp [-p]	[-a] [-x] [-PN | -PO]  [-k realm] filename1 filename2

       rcp [-pr] [-a] [-x] [-PN	| -PO]	[-k realm] filename... directory

       The  rcp	command	copies files between machines. Each filename or	direc-
       tory argument is	either a remote	file name of the form:


       or a local file name (containing	no  ":"	 (colon)  characters,  or  "/"
       (backslash) before any ":" (colon) characters).

       The  hostname  can  be an IPv4 or IPv6 address string. See inet(7P) and
       inet6(7P). Since	IPv6 addresses already contain	colons,	 the  hostname
       should be enclosed in a pair of square brackets when an IPv6 address is
       used. Otherwise,	the first occurrence of	a colon	can be interpreted  as
       the separator between hostname and path.	For example,


       If  a  filename	is not a full path name, it is interpreted relative to
       your home directory on hostname.	A path on a remote host	may be	quoted
       using  \, ", or ', so that the metacharacters are interpreted remotely.
       Please notice that the kerberized versions of rcp are not IPv6-enabled.

       rcp does	not prompt for passwords. It either uses Kerberos  authentica-
       tion  which is enabled through command-line options or your current lo-
       cal user	name must exist	on hostname and	allow remote command execution
       by rsh(1).

       The  rcp	 session can be	kerberized using any of	the following Kerberos
       specific	options	: -a, -PN or -PO, -x, and -k realm. Some of these  op-
       tions  (-x  and	-PN or -PO) can	also be	specified in the [appdefaults]
       section of krb5.conf(4).	The usage of these options  and	 the  expected
       behavior	is discussed in	the OPTIONS section below. If Kerberos authen-
       tication	is used, authorization to the account is controlled  by	 rules
       in krb5_auth_rules(5).  If this authorization fails, fallback to	normal
       rcp using rhosts	will occur only	if the -PO option is  used  explicitly
       on  the	command	line or	is specified in	krb5.conf(4). If authorization
       succeeds, remote	copy succeeds without any prompting of password.  Also
       notice that the -PN or -PO, -x, and -k realm options are	just supersets
       of the -a option.

       rcp handles third party copies, where neither source nor	 target	 files
       are on the current machine. Hostnames may also take the form


       to  use	username  rather than your current local user name as the user
       name on the remote host.	rcp also supports Internet  domain  addressing
       of the remote host, so that:


       specifies  the  username	 to  be	 used, the hostname, and the domain in
       which that host resides.	File names that	are not	full path  names  will
       be  interpreted	relative to the	home directory of the user named user-
       name, on	the remote host.

       The following options are supported:

       -a	       This option explicitly enables Kerberos	authentication
		       and trusts the .k5login file for	access-control.	If the
		       authorization check by in.rshd(1M) on  the  server-side
		       succeeds	 and  if the .k5login file permits access, the
		       user is allowed to carry	out the	rcp transfer.

       -k realm	       Causes rcp to obtain tickets for	 the  remote  host  in
		       realm  instead of the remote host's realm as determined
		       by krb5.conf(4).

       -p	       Attempts	to give	each copy the same modification	times,
		       access  times,  modes,  and  ACLs  if applicable	as the
		       original	file.

       -PO	       Explicitly requests new (-PN) or	old (-PO)  version  of
       -PN	       the  Kerberos  "rcmd" protocol. The new protocol	avoids
		       many security problems prevalant	in the old one and  is
		       regarded	 much  more  secure,  but is not interoperable
		       with older (MIT/SEAM) servers. The new protocol is used
		       by default, unless explicitly specified using these op-
		       tions or	through	krb5.conf(4). If  Kerberos  authoriza-
		       tion fails when using the old "rcmd" protocol, there is
		       fallback	to regular, non-kerberized rcp.	 This  is  not
		       the  case  when the new,	more secure "rcmd" protocol is

       -r	       Copies each subtree rooted at filename;	in  this  case
		       the destination must be a directory.

       -x	       Causes  the information transferred between hosts to be
		       encrypted. Notice that the command is sent  unencrypted
		       to  the remote system. All subsequent transfers are en-

       See largefile(5)	for the	description of the behavior of	rcp  when  en-
       countering files	greater	than or	equal to 2 Gbyte ( 2**31 bytes).

       The  rcp	 command  is  IPv6-enabled. See	ip6(7P). IPv6 is not currently
       supported with Kerberos V5 authentication.

       For the kerberized rcp session, each user may have a private authoriza-
       tion list in a file .k5login in their home directory. Each line in this
       file should contain a Kerberos principal	name of	the form principal/in-
       stance@realm.  If there is a ~/.k5login file, then access is granted to
       the account if and only if the originater user is authenticated to  one
       of  the	principals named in the	~/.k5login file. Otherwise, the	origi-
       nating user will	be granted access to the account if and	 only  if  the
       authenticated principal name of the user	can be mapped to the local ac-
       count name using	the  authenticated-principal-name  ->  local-user-name
       mapping	rules.	The .k5login file (for access control) comes into play
       only when Kerberos authentication is being done.

       The following exit values are returned:

       0	All files were copied successfully.

       >0	An error occurred.

       See the NOTES section for caveats on the	exit code.


       $HOME/.k5login		       File  containing	 Kerberos   principals
				       that are	allowed	access

       /etc/krb5/krb5.conf	       Kerberos	configuration file

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWrcmdc			   |
       |CSI			     |Enabled			   |

       cpio(1),	  ftp(1),   rlogin(1),	rsh(1),	 setfacl(1),  tar(1),  tar(1),
       in.rshd(1M),   hosts.equiv(4),  krb5.conf(4),   attributes(5),	large-
       file(5),	krb5_auth_rules(5), inet(7P), inet6(7P), ip6(7P)

       rcp  is meant to	copy between different hosts. Attempting to rcp	a file
       onto itself, as with:

       example%	rcp tmp/file myhost:/tmp/file

       results in a severely corrupted file.

       rcp may not correctly fail when the target of a copy is a file  instead
       of a directory.

       rcp   can  become  confused  by	output	generated  by  commands	 in  a
       $HOME/.profile on the remote host.

       rcp requires that the source host have permission to  execute  commands
       on the remote host when doing third-party copies.

       rcp  does  not properly handle symbolic links. Use tar or cpio piped to
       rsh to obtain remote copies of directories containing symbolic links or
       named pipes. See	tar(1) and cpio(1).

       If you forget to	quote metacharacters intended for the remote host, you
       will get	an incomprehensible error message.

       rcp will	fail if	you copy ACLs to a file	system that does  not  support

       rcp  is	CSI-enabled except for the handling of username, hostname, and

       When rcp	is used	to perform third-party copies where either of the  re-
       mote  machines  is  not running Solaris,	the exit code cannot be	relied
       upon. That is, errors could occur when success is reflected in the exit
       code,  or  the copy could be completely successful even though an error
       is reflected in the exit	code.

SunOS 5.10			  14 May 2003				rcp(1)


Want to link to this manual page? Use this URL:

home | help