rsync --chmod: Setting Permissions on Deploy
rsync --chmod applies explicit permission changes to files and directories as they are transferred.
CI runners often build files with restrictive umasks. --chmod fixes permissions at deploy time so a web server can actually read the assets.
What it does
--chmod takes the same symbolic syntax as the chmod command and applies it during transfer. Prefix a rule with D to affect directories only or F for files only. This overrides the source modes, so you get deterministic permissions on the server regardless of how the build produced them.
Common usage
# Make dirs 755 and files 644 on the server
rsync -av --chmod=D755,F644 dist/ user@host:/var/www/app/
# Ensure group write for a shared deploy
rsync -av --chmod=Dg+s,ug+rw dist/ user@host:/srv/shared/chmod rule examples
| Rule | Effect |
|---|---|
| D755 | Directories become rwxr-xr-x |
| F644 | Files become rw-r--r-- |
| ug+rw | Add read/write for user and group |
| o-rwx | Remove all permissions for others |
| Dg+s | Set the setgid bit on directories |
In CI
Use --chmod=D755,F644 for typical static web deploys so Nginx or Apache can read everything. Without it, files built under a strict umask may land as 600 and the web server returns 403 Forbidden even though the deploy "succeeded".
Common errors in CI
If --chmod is combined with -p (perms) the explicit --chmod wins for the bits it names. A deploy that still shows wrong modes usually means the destination directory itself (created earlier) was not covered; add a D rule or fix the parent directory separately.