Skip to content
Latchkey

rsync --chmod: Setting Permissions on Deploy

rsync --chmod applies explicit permission changes to files and directories as they are transferred.

CI runners often build files with restrictive umasks. --chmod fixes permissions at deploy time so a web server can actually read the assets.

What it does

--chmod takes the same symbolic syntax as the chmod command and applies it during transfer. Prefix a rule with D to affect directories only or F for files only. This overrides the source modes, so you get deterministic permissions on the server regardless of how the build produced them.

Common usage

Terminal
# Make dirs 755 and files 644 on the server
rsync -av --chmod=D755,F644 dist/ user@host:/var/www/app/

# Ensure group write for a shared deploy
rsync -av --chmod=Dg+s,ug+rw dist/ user@host:/srv/shared/

chmod rule examples

RuleEffect
D755Directories become rwxr-xr-x
F644Files become rw-r--r--
ug+rwAdd read/write for user and group
o-rwxRemove all permissions for others
Dg+sSet the setgid bit on directories

In CI

Use --chmod=D755,F644 for typical static web deploys so Nginx or Apache can read everything. Without it, files built under a strict umask may land as 600 and the web server returns 403 Forbidden even though the deploy "succeeded".

Common errors in CI

If --chmod is combined with -p (perms) the explicit --chmod wins for the bits it names. A deploy that still shows wrong modes usually means the destination directory itself (created earlier) was not covered; add a D rule or fix the parent directory separately.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →