Migration and permissions

I am migrating several sites from one CentOS to another. The dedicated servers are owned by two different hosting companies. Most php file permissions on Server 1 are set at 644. I successfully manually transferred 5 sites with no problem, transferring the files from Server 1 to my local hard drive, then uploading from there to Server 2. Last night, I went through the same process with 2 other sites, and those sites came up with an Internal Server Error. Finally found that all the PHP files (at least those I looked at) had changed the permissions to 664 (writable by group) which produces an error on this server. However, looking at the files from the first five sites, they are all 644. And looking at the original files of the last 2 sites on Server 1, these are also set at 644. So something changed the permissions on these last 2 sites from 644 to 664. I'm trying to determine what may have cause this, and I have no answers. Tech support was no help.
LVL 1
RationalRabbitAsked:
Who is Participating?
 
RationalRabbitConnect With a Mentor Author Commented:
"SoftException in Application.cpp:267" is an suPHP error, as (apparently) working with cPanel, which assures that individual PHP files run under the user (cPanel user in this case) who executes the script, rather than the default "nobody" Apache user. It doesn't allow files to be writable by group, directories to have 777 permissions and other permission restrictions.

The new host for my server is quite on the heavy side, security-wise. suPHP slows things down, and requires a lot of CPU resources. Hopefully, I can remove it.  suPHP also will not allow you to change PHP variables using .htaccess code, instead all changes will need to be made in the php.ini file, unless one is using EasyApache4 and MultiPHP.  If Apache requires a handler, think I would opt for FastCGI. But that also uses suEXEC, which probably does the same permission thing. But I think it is a better handler unless you really need security to be super-tight.
0
 
Dave BaldwinFixer of ProblemsCommented:
Changing permissions from 644 to 664 is unlikely to cause an error.  I would look at your 'php.ini' from both sites and make sure that all the extensions you need are enabled on the 'new' server.
1
 
RationalRabbitAuthor Commented:
But, it is causing an error. Error log says  SoftException in Application.cpp:267: File "/home/.../public_html/index.php" is writeable by group.
a 500 error is served. Changing to 644 displays the page properly.
I did compare the ini files and the ini file on the new server is a "production" ini file. The previous ini has no such designation.
Other than that the files are quite similar, except for extensions.
Server 1
; Directory in which the loadable extensions (modules) reside.
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20100525"
zend_extension="/usr/local/IonCube/ioncube_loader_lin_5.4.so"
extension="eaccelerator.so"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.check_mtime="1"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.debug="0"
eaccelerator.enable="1"
eaccelerator.filter=""
eaccelerator.optimizer="1"
eaccelerator.shm_max="0"
eaccelerator.shm_only="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_size="16"
eaccelerator.shm_ttl="0"
extension="suhosin.so"

Server 2
; Directory in which the loadable extensions (modules) reside.
; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
; extension_dir = "ext"

The big puzzle is that, using the same method, I already transferred 5 sites, including databases, and those sites are live on the new server, and no permissions were changed.
These last two are the ones where the permissions were changed. I deleted all the files and went through the whole process again, and the same occurred. The only change (that I am aware of) in the server between the first 5 and the last two was the instigation (in cPanel) of auto SSL.
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
IonCube is encryption.  I never heard of 'eaccelerator'.  'suhosin' is a security program for tightening the security of PHP programs on Apache.  Some people swear at it because it seems to cause unpredictable problems at times.

SoftException in Application.cpp:267: File "/home/.../public_html/index.php" is writeable by group.
There is nothing in what you have posted that would cause that 'error'.  Without something else causing the problem, PHP should run just fine with 664 permissions.
0
 
David FavorConnect With a Mentor Linux/LXD/WordPress/Hosting SavantCommented:
As Dave said, Changing permissions from 644 to 664 is unlikely to cause an error. This only means your Apache process can write to these files under it's group ID. This does not effect serving files. Nor will this trigger 500 errors.

The Application.cpp file is the culprit. Whatever this file does, if it enforces some type of non-PHP additional security checks, then you'll have to remove whatever this code might be (custom PHP extension maybe) or follow directions emitted (reset all your file permissions).

Tech support will be no help, unless you can provide them with the source for the Application.cpp file raising the error.

Standard PHP will run independent of file or directory write bits, because file serving only reads files, never writes files, so write permissions never come into play.
0
 
RationalRabbitAuthor Commented:
This is the answer to the 500 error. What is causing the permission change is a mystery, as it only has happened on 3 out of 12 sites. But it is not a major problem, as the permissions can be changed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.