rcp Command

Purpose

Transfers files between a local and a remote host or between two remote hosts.

Syntax

rcp [ -p] [ -F] [ -k realm ] [-m] { { User@Host:File | Host:File | File } { User@Host:File | Host:File | File | User@Host:Directory | Host:Directory | Directory } | [ -r] { User@Host:Directory | Host:Directory |Directory } { User@Host:Directory | Host:Directory | Directory } }

Description

The /usr/bin/rcp command is used to copy one or more files between the local host and a remote host, between two remote hosts, or between files at the same remote host.

Remote destination files and directories require a specified Host: parameter. If a remote host name is not specified for either the source or the destination, the rcp command is equivalent to the cp command. Local file and directory names do not require a Host: parameter.

Note: The rcp command assumes that a : (colon) terminates a host name. When you want to use a : in a filename, use a / (slash) in front of the filename or use the full path name, including the /.

If a Host is not prefixed by a User@ parameter, the local user name is used at the remote host. If a User@ parameter is entered, that name is used.

If the path for a file or directory on a remote host is not specified or is not fully qualified, the path is interpreted as beginning at the home directory for the remote user account. Additionally, any metacharacters that must be interpreted at a remote host must be quoted using a \ (backslash), a " (double quotation mark), or a ' (single quotation mark).

File Permissions and Ownership

By default, the permissions mode and ownership of an existing destination file are preserved. Usually, if a destination file does not exist, the permissions mode of the destination file is equal to the permissions mode of the source file as modified by the umask command (a special command in the Korn shell) at the destination host. If the rcp command -p flag is set, the modification time and mode of source files are preserved at the destination host.

The user name entered for the remote host determines the file access privileges the rcp command uses at that host. Additionally, the user name given to a destination host determines the ownership and access modes of the resulting destination file or files.

Using Standard Authentication

The remote host allows access if one of the following conditions is satisfied:

The local host is included in the remote host /etc/hosts.equiv file and the remote user is not the root user.
The local host and user name is included in a $HOME/.rhosts file on the remote user account.

Although you can set any permissions for the $HOME/.rhosts file, it is recommended that the permissions of the .rhosts file be set to 600 (read and write by owner only).

In addition to the preceding conditions, the rcp command also allows access to the remote host if the remote user account does not have a password defined. However, for security reasons, the use of a password on all user accounts is recommended.

For Kerberos 5 Authentication

The remote host allows access only if all of the following conditions are satisfied:

The local user has current DCE credentials.
The local and remote systems are configured for Kerberos 5 authentication (On some remote systems, this may not be necessary. It is necessary that a daemon is listening to the klogin port).
The remote system accepts the DCE credentials as sufficient for access to the remote account. See the kvalid_user function for additional information.

rcp and Named Pipelines

Do not use the rcp command to copy named pipelines, or FIFOs, (special files created with the mknod -p command). The rcp command uses the open subroutine on the files that it copies, and this subroutine blocks on blocking devices like a FIFO pipe.

Restrictions

The SP Kerberos V4 rcp execution path does not support remote-to-remote copy as Kerberos does not support forwarding credentials. The message you would receive under these circumstances is the message indicating you do not have tickets and must use kinit to login. The message would be issued from the remote source machine. Please see the example below for using Kerberos to perform a remote-to-remote copy.

Flags

Item	Description
-p	Preserves the modification times and modes of the source files in the copies sent to the destination only if the user has root authority or is the owner of the destination. Without this flag, the umask command at the destination modifies the mode of the destination file, and the modification time of the destination file is set to the time the file is received. When this flag is not used, the umask being honored is the value stored in the appropriate database. It is not the value that is set by issuing the umask command. The permission and ownership values that result from the umask command do not affect those stored in the database.
-r	Recursively copies, for directories only, each file and subdirectory in the source directory into the destination directory.
-F	Causes the credentials to be forwarded. In addition, the credentials on the remote system will be marked forwardable (allowing them to be passed to another remote system). This flag will be ignored if Kerberos 5 is not the current authentication method. Authentication will fail if the current DCE credentials are not marked forwardable.
-k realm	Allows the user to specify the realm of the remote station if it is different from the local systems realm. For these purposes, a realm is synonymous with a DCE cell. This flag will be ignored if Kerberos 5 is not the current authentication method.
-m	Support for metacharacters in filenames.

Parameters

Item	Description
Host:File	Specifies the host name (Host) and file name (File) of the remote destination file, separated by a : (colon). Note: Because the rcp command assumes that a : (colon) terminates a host name, you must insert a \ (backslash) before any colons that are embedded in the local file and directory names.
User@Host:File	Specifies the user name (User@) that the rcp command uses to set ownership of the transferred file, the host name (Host), and file name (File) of the remote destination file. The user name entered for the remote host determines the file access privileges the rcp command uses at that host.
File	Specifies the file name of the local destination file.
Host:Directory	Specifies the host name (Host) and directory name (Directory) of the remote destination directory. Note: Because the rcp command assumes that a : (colon) terminates a host name, you must insert a \ (backslash) before any colons that are embedded in the local file and directory names.
User@Host:Directory	Specifies the user name (User@) the rcp command uses to set ownership of the transferred file, the host name (Host), and directory name (Directory) of the remote destination directory. The user name entered for the remote host determines the file access privileges the rcp command uses at that host.
Directory	The directory name of the local destination directory.

Exit Status

This command returns the following exit values:

Item	Description
0	Successful completion.
>0	An error occurred.

Security

The remote host allows access only if at least one of the following conditions is satisfied:

The local user ID is listed as a principal in the authentication database and had performed a kinit to obtain an authentication ticket.
If a $HOME/.klogin file exists, it must be located in the local user's $HOME directory on the target system. The local user must be listed as well as any users or services allowed to rsh into this account. This file performs a similar function to a local .rhosts file. Each line in this file should contain a principal in the form of "principal.instance@realm." If the originating user is authenticated as one of the principals named in .klogin, access is granted to the account. The owner of the account is granted access if there is no .klogin file.

For security reasons, any $HOME/.klogin file must be owned by the remote user and only the AIX® owner ID should have read and write access (permissions = 600) to .klogin.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

In the following examples, the local host is listed in the /etc/hosts.equiv file at the remote host.

To copy a local file to a remote host, enter:
```
rcp localfile host2:/home/eng/jane
```
The file localfile from the local host is copied to the remote host host2.
To copy a remote file from one remote host to another remote host, enter:
```
rcp host1:/home/eng/jane/newplan host2:/home/eng/mary
```
The file /home/eng/jane/newplan is copied from remote host host1 to remote host host2.
To send the directory subtree from the local host to a remote host and preserve the modification times and modes, enter:
rcp -p -r report jane@host2:report
The directory subtree report is copied from the local host to the home directory of user jane at remote host host2 and all modes and modification times are preserved. The remote file /home/jane/.rhosts includes an entry specifying the local host and user name.
This example shows how the root user can issue an rcp on a remote host when the authentication is Kerberos 4 on both the target and server. The root user must be in the authentication database and must have already issued kinit on the local host. The command is issued at the local host to copy the file, stuff, from node r05n07 to node r05n05 on an SP.
```
/usr/lpp/ssp/rcmd/bin/rsh r05n07 'export KRBTKTFILE=/tmp/rcmdtkt$$; \ 
/usr/lpp/ssp/rcmd/bin/rcmdtgt; \ 
/usr/lpp/ssp/rcmd/bin/rcp /tmp/stuff r05n05:/tmp/stuff;' 
```
The root user sets the KRBTKTFILE environment variable to the name of a temporary ticket-cache file and then obtains a service ticket by issuing the rcmdtgt command. The rcp uses the service ticket to authenticate from host r05n07 to host r05n05.

Files

Item	Description
$HOME/.klogin	Specifies remote users that can use a local user account.
/usr/lpp/ssp/rcmd/bin/rcp	Link to AIX Secure /usr/bin/rsh that calls the SP Kerberos 4 rcp routine if applicable.

Prerequisite Information

Refer to the chapter on security in IBM® Parallel System Support Programs for AIX: Administration Guide for an overview. You can access this publication at the following Web site: http://www.rs6000.ibm.com/resource/aix_resource

Refer to the "RS/6000® SP Files and Other Technical Information" section of IBM Parallel System Support Programs for AIX: Command and Technical Reference for additional Kerberos information. You can access this publication at the following Web site: http://www.rs6000.ibm.com/resource/aix_resource