Change permissions upon uploading with scp

I am uploading files to my shell account using scp. As I need different permissions on the server than on my computer, I'd like to have a way to easily change the permissions upon upload without needing to ssh to the account and change them manually.


If you're copying from a windows machine, you can use WinSCP to copy, and it has an option to set the permissions on the copied files after the upload.

If not, I think your only choice is to execute a chmod on the server after the upload, which you could do remotely with an ssh command:

scp /path/to/file server:/server/path/to/file
ssh server chmod 644 /server/path/to/file

My preferred working solution would be to use rsync instead:


scp /path/to/file server:/server/path/to/file


rsync --chmod=u+rwx,g+rwx,o+rwx /path/to/file server:/path/to/file

This prevents you from authenticating twice. There are also a lot of other options with rsync which would probably add value such as being able to preserve owner, group, etc.

You could do it using tar, ssh, & umask like this:

on host 1:

[[email protected] testdir]$ pwd

[[email protected] testdir]$ ls -l
total 12
-rw-r--r--  1 saml saml 21 May 19 00:21 file1
-rw-r--r--  1 saml saml 48 May 19 00:21 file2
-rw-r--r--  1 saml saml 28 May 19 00:21 file3

[[email protected] testdir]$ tar cvf - . | (ssh host2 "umask 0277; cd /tmp/testdir;tar xvf -")

on host2:

[[email protected] testdir]$ pwd

[[email protected] testdir]$ ls -l
total 12
-r-------- 1 samr web 21 May 19 00:21 file1
-r-------- 1 samr web 48 May 19 00:21 file2
-r-------- 1 samr web 28 May 19 00:21 file3

You can drop the -v switches to tar which I've included here merely so that you can see the files being tarred up on host1 and sent through STDOUT (aka. -) and then getting un-tarred on host2.

NOTE: Why this works? Tar's default behavior is to unpack files using a remote user's umask. In the above example I've included the command umask to explicitly set it to something different which demonstrates that the remote tar is changing the permissions on the remote side.

I have made some experiments with scp. For new files uploaded to the target server, the files have the same permissions as on the source server. If existing files are overwritten on the target server, the permissions for those files don't change.

I have do these experiments with CentOS 4.6.

I wrote a small script for the task in Python. You can do python -p o+r some files some/dir/on/the/server/

import subprocess
import sys
from optparse import OptionParser


parser = OptionParser()

parser.add_option("-p", "--permissions", action="store",
                     type="str", dest="perm", metavar="PERM",
                     help="chmod files to PERM", default=None)
parser.add_option("-s", "--server", action="store",
                     type="str", dest="serv", metavar="SERVER",
                     help="scp to SERVER", default=DEFAULT_SERVER)

options, args = parser.parse_args()
files = args[:-1]
direct = args[-1]

proc = subprocess.Popen(['scp'] + files + ['%s:%s' % (options.serv, direct)],
                        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if proc.wait() != 0:
    print >>sys.stderr, "Uploading failed!"

if options.perm is not None:
    arg_dict = dict(dir=direct, perm=options.perm, files=' '.join(files))
    proc = subprocess.Popen(['ssh', options.serv, 'cd %(dir)s;'
                             'chmod -R %(perm)s %(files)s' % arg_dict],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

Assuming you are uploading to a UNIX variant, I think that the permissions ought to follow your UMASK settings. I don't recall off the top of my head which dot-files get processed for SCP, but if you set your UMASK in one of those the files you create will have it's permissions set based on it. It probably depends on what shell you use on the remote system.

Whatever you do, don't use the -p option as it does the exact opposite of what you want.

I would suggest setting up sticky bit on the folder so that the files you upload under that folder gets that permission automatically.

chmod 1644 dir

"1" used above sets the sticky bit.

so you only have to upload one and not have to run another command afterwards.

Category: upload Time: 2008-10-11 Views: 1

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C), All Rights Reserved.

processed in 0.169 (s). 12 q(s)