RCP(1) User Commands RCP(1)
NAME
rcp - remote file copy
SYNOPSIS
rcp [
-p] [
-a] [
-K] [
-x] [
-PN |
-PO] [
-k realm]
filename1 filename2 rcp [
-pr] [
-a] [
-K] [
-x] [
-PN |
-PO] [
-k realm]
filename...
directoryDESCRIPTION
The
rcp command copies files between machines. Each
filename or
directory argument is either a remote file name of the form:
hostname:path or a local file name (containing no
: (colon) characters, or
/ (backslash) before any
: (colon) characters).
The
hostname can be an IPv4 or IPv6 address string. See
inet(4P) and
inet6(4P). Since IPv6 addresses already contain colons, the
hostname should be enclosed in a pair of square brackets when an IPv6 address is
used. Otherwise, the first occurrence of a colon can be interpreted as
the separator between
hostname and
path. For example,
[1080::8:800:200C:417A]:tmp/file
If a
filename is not a full path name, it is interpreted relative to your
home directory on
hostname. A
path on a remote host can be quoted using
\,
", or
', so that the metacharacters are interpreted remotely. Please
notice that the kerberized versions of
rcp are not IPv6-enabled.
rcp does not prompt for passwords. It either uses Kerberos authentication
which is enabled through command-line options or your current local user
name must exist on
hostname and allow remote command execution by
rsh(1).
The
rcp session can be kerberized using any of the following Kerberos
specific options :
-a,
-PN or
-PO,
-x, and
-k realm. Some of these
options (
-a,
-x and
-PN or
-PO) can also be specified in the
[appdefaults] section of
krb5.conf(5). The usage of these options and the
expected behavior is discussed in the OPTIONS section below. If Kerberos
authentication is used, authorization to the account is controlled by
rules in
krb5_auth_rules(7). If this authorization fails, fallback to
normal
rcp using rhosts occurs only if the
-PO option is used explicitly
on the command line or is specified in
krb5.conf(5). If authorization
succeeds, remote copy succeeds without any prompting of password. Also
notice that the
-PN or
-PO,
-x, and
-k realm options are just supersets
of the
-a option.
rcp handles third party copies, where neither source nor target files are
on the current machine. Hostnames can also take the form
username@hostname:filename to use
username rather than your current local user name as the user name
on the remote host.
rcp also supports Internet domain addressing of the
remote host, so that:
username@host.domain:filename specifies the username to be used, the hostname, and the domain in which
that host resides. File names that are not full path names are
interpreted relative to the home directory of the user named
username, on
the remote host.
OPTIONS
The following options are supported:
-a This option explicitly enables Kerberos authentication and
trusts the
.k5login file for access-control. If the
authorization check by
in.rshd(8) on the server-side succeeds
and if the
.k5login file permits access, the user is allowed
to carry out the
rcp transfer.
-k realm Causes
rcp to obtain tickets for the remote host in
realm instead of the remote host's realm as determined by
krb5.conf(5).
-K realm This option explicitly disables Kerberos authentication. It
can be used to override the
autologin variable in
krb5.conf(5).
-p Attempts to give each copy the same modification times,
access times, modes, and
ACLs if applicable as the original
file.
-PO -PN Explicitly requests new (
-PN) or old (
-PO) version of the
Kerberos "
rcmd" protocol. The new protocol avoids many
security problems prevalent in the old one and is regarded
much more secure, but is not interoperable with older
(MIT/SEAM) servers. The new protocol is used by default,
unless explicitly specified using these options or through
krb5.conf(5). If Kerberos authorization fails when using the
old "
rcmd" protocol, there is fallback to regular, non-
kerberized
rcp. This is not the case when the new, more
secure "
rcmd" protocol is used.
-r Copies each subtree rooted at
filename; in this case the
destination must be a directory.
-x Causes the information transferred between hosts to be
encrypted. Notice that the command is sent unencrypted to the
remote system. All subsequent transfers are encrypted.
USAGE
See
largefile(7) for the description of the behavior of
rcp when
encountering files greater than or equal to 2 Gbyte ( 2^31 bytes).
The
rcp command is IPv6-enabled. See
ip6(4P).
IPv6 is not currently
supported with Kerberos V5 authentication.
For the kerberized
rcp session, each user can have a private
authorization list in a file
.k5login in their home directory. Each line
in this file should contain a Kerberos principal name of the form
principal/
instance@
realm. If there is a
~/.k5login file, then access is
granted to the account if and only if the originating user is
authenticated to one of the principals named in the
~/.k5login file.
Otherwise, the originating user is granted access to the account if and
only if the authenticated principal name of the user can be mapped to the
local account name using the
authenticated-principal-name ->
local-user- name mapping rules. The
.k5login file (for access control) comes into
play only when Kerberos authentication is being done.
EXIT STATUS
The following exit values are returned:
0 All files were copied successfully.
>0 An error occurred.
See the NOTES section for caveats on the exit code.
FILES
$HOME/.profile $HOME/.k5login File containing Kerberos principals that are
allowed access
/etc/krb5/krb5.conf Kerberos configuration file
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|CSI | Enabled |
+---------------+-----------------+
SEE ALSO
cpio(1),
ftp(1),
rlogin(1),
rsh(1),
setfacl(1),
tar(1),
tar(1),
inet(4P),
inet6(4P),
ip6(4P),
hosts.equiv(5),
krb5.conf(5),
attributes(7),
krb5_auth_rules(7),
largefile(7),
in.rshd(8)NOTES
rcp is meant to copy between different hosts. Attempting to
rcp a file
onto itself, as with:
example%
rcp tmp/file myhost:/tmp/file results in a severely corrupted file.
rcp might not correctly fail when the target of a copy is a file instead
of a directory.
rcp can become confused by output generated by commands in a
$HOME/.profile on the remote host.
rcp requires that the source host have permission to execute commands on
the remote host when doing third-party copies.
rcp does not properly handle symbolic links. Use
tar or
cpio piped to
rsh to obtain remote copies of directories containing symbolic links or named
pipes. See
tar(1) and
cpio(1).
If you forget to quote metacharacters intended for the remote host, you
get an incomprehensible error message.
rcp fails if you copy
ACLs to a file system that does not support
ACLs.
rcp is
CSI-enabled except for the handling of username, hostname, and
domain.
When
rcp is used to perform third-party copies where either of the remote
machines is not running Solaris, the exit code cannot be relied upon.
That is, errors could occur when success is reflected in the exit code,
or the copy could be completely successful even though an error is
reflected in the exit code.
September 12, 2020
RCP(1)