Migration and permissions

I am migrating several sites from one CentOS to another. The dedicated servers are owned by two different hosting companies. Most php file permissions on Server 1 are set at 644. I successfully manually transferred 5 sites with no problem, transferring the files from Server 1 to my local hard drive, then uploading from there to Server 2. Last night, I went through the same process with 2 other sites, and those sites came up with an Internal Server Error. Finally found that all the PHP files (at least those I looked at) had changed the permissions to 664 (writable by group) which produces an error on this server. However, looking at the files from the first five sites, they are all 644. And looking at the original files of the last 2 sites on Server 1, these are also set at 644. So something changed the permissions on these last 2 sites from 644 to 664. I'm trying to determine what may have cause this, and I have no answers. Tech support was no help.
LVL 1
RationalRabbitAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
Changing permissions from 644 to 664 is unlikely to cause an error.  I would look at your 'php.ini' from both sites and make sure that all the extensions you need are enabled on the 'new' server.
1
RationalRabbitAuthor Commented:
But, it is causing an error. Error log says  SoftException in Application.cpp:267: File "/home/.../public_html/index.php" is writeable by group.
a 500 error is served. Changing to 644 displays the page properly.
I did compare the ini files and the ini file on the new server is a "production" ini file. The previous ini has no such designation.
Other than that the files are quite similar, except for extensions.
Server 1
; Directory in which the loadable extensions (modules) reside.
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20100525"
zend_extension="/usr/local/IonCube/ioncube_loader_lin_5.4.so"
extension="eaccelerator.so"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.check_mtime="1"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.debug="0"
eaccelerator.enable="1"
eaccelerator.filter=""
eaccelerator.optimizer="1"
eaccelerator.shm_max="0"
eaccelerator.shm_only="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_size="16"
eaccelerator.shm_ttl="0"
extension="suhosin.so"

Server 2
; Directory in which the loadable extensions (modules) reside.
; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
; extension_dir = "ext"

The big puzzle is that, using the same method, I already transferred 5 sites, including databases, and those sites are live on the new server, and no permissions were changed.
These last two are the ones where the permissions were changed. I deleted all the files and went through the whole process again, and the same occurred. The only change (that I am aware of) in the server between the first 5 and the last two was the instigation (in cPanel) of auto SSL.
0
Dave BaldwinFixer of ProblemsCommented:
IonCube is encryption.  I never heard of 'eaccelerator'.  'suhosin' is a security program for tightening the security of PHP programs on Apache.  Some people swear at it because it seems to cause unpredictable problems at times.

SoftException in Application.cpp:267: File "/home/.../public_html/index.php" is writeable by group.
There is nothing in what you have posted that would cause that 'error'.  Without something else causing the problem, PHP should run just fine with 664 permissions.
0
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
As Dave said, Changing permissions from 644 to 664 is unlikely to cause an error. This only means your Apache process can write to these files under it's group ID. This does not effect serving files. Nor will this trigger 500 errors.

The Application.cpp file is the culprit. Whatever this file does, if it enforces some type of non-PHP additional security checks, then you'll have to remove whatever this code might be (custom PHP extension maybe) or follow directions emitted (reset all your file permissions).

Tech support will be no help, unless you can provide them with the source for the Application.cpp file raising the error.

Standard PHP will run independent of file or directory write bits, because file serving only reads files, never writes files, so write permissions never come into play.
0
RationalRabbitAuthor Commented:
"SoftException in Application.cpp:267" is an suPHP error, as (apparently) working with cPanel, which assures that individual PHP files run under the user (cPanel user in this case) who executes the script, rather than the default "nobody" Apache user. It doesn't allow files to be writable by group, directories to have 777 permissions and other permission restrictions.

The new host for my server is quite on the heavy side, security-wise. suPHP slows things down, and requires a lot of CPU resources. Hopefully, I can remove it.  suPHP also will not allow you to change PHP variables using .htaccess code, instead all changes will need to be made in the php.ini file, unless one is using EasyApache4 and MultiPHP.  If Apache requires a handler, think I would opt for FastCGI. But that also uses suEXEC, which probably does the same permission thing. But I think it is a better handler unless you really need security to be super-tight.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RationalRabbitAuthor Commented:
This is the answer to the 500 error. What is causing the permission change is a mystery, as it only has happened on 3 out of 12 sites. But it is not a major problem, as the permissions can be changed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.