RCP(1) User Commands RCP(1)

NAME


rcp - remote file copy

SYNOPSIS


rcp [-p] [-a] [-K] [-x] [-PN | -PO] [-k realm] filename1 filename2


rcp [-pr] [-a] [-K] [-x] [-PN | -PO] [-k realm] filename... directory


DESCRIPTION


The rcp command copies files between machines. Each filename or
directory argument is either a remote file name of the form:

hostname:path


or a local file name (containing no : (colon) characters, or /
(backslash) before any : (colon) characters).


The hostname can be an IPv4 or IPv6 address string. See inet(4P) and
inet6(4P). Since IPv6 addresses already contain colons, the hostname
should be enclosed in a pair of square brackets when an IPv6 address
is used. Otherwise, the first occurrence of a colon can be
interpreted as the separator between hostname and path. For example,

[1080::8:800:200C:417A]:tmp/file


If a filename is not a full path name, it is interpreted relative to
your home directory on hostname. A path on a remote host can be
quoted using \, ", or ', so that the metacharacters are interpreted
remotely. Please notice that the kerberized versions of rcp are not
IPv6-enabled.


rcp does not prompt for passwords. It either uses Kerberos
authentication which is enabled through command-line options or your
current local user name must exist on hostname and allow remote
command execution by rsh(1).


The rcp session can be kerberized using any of the following Kerberos
specific options : -a, -PN or -PO, -x, and -k realm. Some of these
options (-a, -x and -PN or -PO) can also be specified in the
[appdefaults] section of krb5.conf(5). The usage of these options and
the expected behavior is discussed in the OPTIONS section below. If
Kerberos authentication is used, authorization to the account is
controlled by rules in krb5_auth_rules(7). If this authorization
fails, fallback to normal rcp using rhosts occurs only if the -PO
option is used explicitly on the command line or is specified in
krb5.conf(5). If authorization succeeds, remote copy succeeds without
any prompting of password. Also notice that the -PN or -PO, -x, and
-k realm options are just supersets of the -a option.


rcp handles third party copies, where neither source nor target files
are on the current machine. Hostnames can also take the form

username@hostname:filename


to use username rather than your current local user name as the user
name on the remote host. rcp also supports Internet domain addressing
of the remote host, so that:

username@host.domain:filename


specifies the username to be used, the hostname, and the domain in
which that host resides. File names that are not full path names are
interpreted relative to the home directory of the user named
username, on the remote host.

OPTIONS


The following options are supported:

-a
This option explicitly enables Kerberos authentication
and trusts the .k5login file for access-control. If the
authorization check by in.rshd(8) on the server-side
succeeds and if the .k5login file permits access, the
user is allowed to carry out the rcp transfer.


-k realm
Causes rcp to obtain tickets for the remote host in realm
instead of the remote host's realm as determined by
krb5.conf(5).


-K realm
This option explicitly disables Kerberos authentication.
It can be used to override the autologin variable in
krb5.conf(5).


-p
Attempts to give each copy the same modification times,
access times, modes, and ACLs if applicable as the
original file.


-PO
-PN
Explicitly requests new (-PN) or old (-PO) version of the
Kerberos "rcmd" protocol. The new protocol avoids many
security problems prevalent in the old one and is
regarded much more secure, but is not interoperable with
older (MIT/SEAM) servers. The new protocol is used by
default, unless explicitly specified using these options
or through krb5.conf(5). If Kerberos authorization fails
when using the old "rcmd" protocol, there is fallback to
regular, non-kerberized rcp. This is not the case when
the new, more secure "rcmd" protocol is used.


-r
Copies each subtree rooted at filename; in this case the
destination must be a directory.


-x
Causes the information transferred between hosts to be
encrypted. Notice that the command is sent unencrypted to
the remote system. All subsequent transfers are
encrypted.


USAGE


See largefile(7) for the description of the behavior of rcp when
encountering files greater than or equal to 2 Gbyte ( 2^31 bytes).


The rcp command is IPv6-enabled. See ip6(4P). IPv6 is not currently
supported with Kerberos V5 authentication.


For the kerberized rcp session, each user can have a private
authorization list in a file .k5login in their home directory. Each
line in this file should contain a Kerberos principal name of the
form principal/instance@realm. If there is a ~/.k5login file, then
access is granted to the account if and only if the originating user
is authenticated to one of the principals named in the ~/.k5login
file. Otherwise, the originating user is granted access to the
account if and only if the authenticated principal name of the user
can be mapped to the local account name using the authenticated-
principal-name -> local-user-name mapping rules. The .k5login file
(for access control) comes into play only when Kerberos
authentication is being done.

EXIT STATUS


The following exit values are returned:

0
All files were copied successfully.


>0
An error occurred.


See the NOTES section for caveats on the exit code.

FILES


$HOME/.profile

$HOME/.k5login
File containing Kerberos principals that are
allowed access


/etc/krb5/krb5.conf
Kerberos configuration file


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|CSI | Enabled |
+---------------+-----------------+

SEE ALSO


cpio(1), ftp(1), rlogin(1), rsh(1), setfacl(1), tar(1), inet(4P),
inet6(4P), ip6(4P), hosts.equiv(5), krb5.conf(5), attributes(7),
krb5_auth_rules(7), largefile(7), in.rshd(8)

NOTES


rcp is meant to copy between different hosts. Attempting to rcp a
file onto itself, as with:

example% rcp /tmp/file myhost:/tmp/file


results in a severely corrupted file.


rcp might not correctly fail when the target of a copy is a file
instead of a directory.


rcp can become confused by output generated by commands in a
$HOME/.profile on the remote host.


rcp requires that the source host have permission to execute commands
on the remote host when doing third-party copies.


rcp does not properly handle symbolic links. Use tar or cpio piped to
rsh to obtain remote copies of directories containing symbolic links
or named pipes. See tar(1) and cpio(1).


If you forget to quote metacharacters intended for the remote host,
you get an incomprehensible error message.


rcp fails if you copy ACLs to a file system that does not support
ACLs.


rcp is CSI-enabled except for the handling of username, hostname, and
domain.


When rcp is used to perform third-party copies where either of the
remote machines is not running Solaris, the exit code cannot be
relied upon. That is, errors could occur when success is reflected in
the exit code, or the copy could be completely successful even though
an error is reflected in the exit code.

February 21, 2023 RCP(1)
tribblix@gmail.com :: GitHub :: Privacy