Change permissions upon uploading with scp

Question

I am uploading files to my shell account using scp. As I need different permissions on the server than on my computer, I'd like to have a way to easily change the permissions upon upload without needing to ssh to the account and change them manually.

Answer 1

If you're copying from a windows machine, you can use WinSCP to copy, and it has an option to set the permissions on the copied files after the upload.

If not, I think your only choice is to execute a chmod on the server after the upload, which you could do remotely with an ssh command:

scp /path/to/file server:/server/path/to/file
ssh server chmod 644 /server/path/to/file

Answer 2

My preferred working solution would be to use rsync instead:

Replace:

scp /path/to/file server:/server/path/to/file

With:

rsync --perms --chmod=u+rwx,g+rwx,o+rwx /path/to/file server:/path/to/file

This prevents you from authenticating twice. There are also a lot of other options with rsync which would probably add value such as being able to preserve owner, group, etc.

Answer 3

I have made some experiments with scp. For new files uploaded to the target server, the files have the same permissions as on the source server. If existing files are overwritten on the target server, the permissions for those files don't change.

I have done these experiments with CentOS 4.6.

Answer 4

You could do it using tar, ssh, & umask like this:

on host 1:

[saml@host1 testdir]$ pwd
/tmp/testdir

[saml@host1 testdir]$ ls -l
total 12
-rw-r--r--  1 saml saml 21 May 19 00:21 file1
-rw-r--r--  1 saml saml 48 May 19 00:21 file2
-rw-r--r--  1 saml saml 28 May 19 00:21 file3

[saml@host1 testdir]$ tar cvf - . | (ssh host2 "umask 0277; cd /tmp/testdir;tar xvf -")
./
./file1
./file2
./file3
./
./file1
./file2
./file3

on host2:

[samr@host2 testdir]$ pwd
/tmp/testdir

[samr@host2 testdir]$ ls -l
total 12
-r-------- 1 samr web 21 May 19 00:21 file1
-r-------- 1 samr web 48 May 19 00:21 file2
-r-------- 1 samr web 28 May 19 00:21 file3

You can drop the -v switches to tar which I've included here merely so that you can see the files being tarred up on host1 and sent through STDOUT (aka. -) and then getting un-tarred on host2.

NOTE: Why this works? Tar's default behavior is to unpack files using a remote user's umask. In the above example I've included the command umask to explicitly set it to something different which demonstrates that the remote tar is changing the permissions on the remote side.

Answer 5

I wrote a small script for the task in Python. You can do python script.py -p o+r some files some/dir/on/the/server/

import subprocess
import sys
from optparse import OptionParser


DEFAULT_SERVER = 'your.server.com'

parser = OptionParser()

parser.add_option("-p", "--permissions", action="store", 
                     type="str", dest="perm", metavar="PERM",
                     help="chmod files to PERM", default=None)
parser.add_option("-s", "--server", action="store", 
                     type="str", dest="serv", metavar="SERVER",
                     help="scp to SERVER", default=DEFAULT_SERVER)

options, args = parser.parse_args()
files = args[:-1]
direct = args[-1]

proc = subprocess.Popen(['scp'] + files + ['%s:%s' % (options.serv, direct)],
                        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if proc.wait() != 0:
    print >>sys.stderr, "Uploading failed!"
    sys.exit(1)

if options.perm is not None:
    arg_dict = dict(dir=direct, perm=options.perm, files=' '.join(files))
    proc = subprocess.Popen(['ssh', options.serv, 'cd %(dir)s;'
                             'chmod -R %(perm)s %(files)s' % arg_dict],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

Answer 6

I would suggest setting up sticky bit on the folder so that the files you upload under that folder gets that permission automatically.

chmod 1644 dir

"1" used above sets the sticky bit.

so you only have to upload one and not have to run another command afterwards.

Answer 7

Pipe the file to ssh and use umask and cat on the remote site:

cat local-file | ssh user@remote-host 'umask 077; cat > remote-file'

This is better than changing the mode after the transfer. If you want to reduce the permissions, you will have a security problem during the transfer, because scp will create the file without the restriction. If you set the umask correctly, the file will be created directly with correct permissions.

Answer 8

Assuming you are uploading to a UNIX variant, I think that the permissions ought to follow your UMASK settings. I don't recall off the top of my head which dot-files get processed for SCP, but if you set your UMASK in one of those the files you create will have it's permissions set based on it. It probably depends on what shell you use on the remote system.

Whatever you do, don't use the -p option as it does the exact opposite of what you want.