Skip to main content

Enabling Core Dumps for LiteSpeed / OpenLiteSpeed (LSPHP)

S
Written by Salvador Aguilar

When PHP crashes unexpectedly, a core dump captures the exact memory state of the process at the moment it died. Monarx engineering uses these files to produce a backtrace and pinpoint the root cause. This guide covers servers running LiteSpeed Web Server (LSWS Enterprise) or OpenLiteSpeed, where PHP runs as external lsphp processes — common on cPanel/CloudLinux and other LiteSpeed‑based hosts.

Which guide do I need?

Confirm you're on LiteSpeed:

ps aux | grep -E 'litespeed|lshttpd|lsphp' | grep -v grep

Seeing lsphp processes means PHP is served by LiteSpeed — continue below.

On LiteSpeed, lsphp workers are spawned by the web server (lshttpd) and run under the site's suEXEC user. They inherit resource limits from the lshttpd service, so raising the limit on the service is what enables core dumps for every lsphp child.

The LiteSpeed service/control names differ by edition:

Edition

systemd service

Control command

Install root

LiteSpeed Enterprise (LSWS)

lshttpd (a.k.a. lsws)

/usr/local/lsws/bin/lswsctrl restart

/usr/local/lsws/

OpenLiteSpeed

lshttpd (a.k.a. lsws)

systemctl restart lshttpd

/usr/local/lsws/

1. Raise the core size limit for the LiteSpeed service

The lsphp children inherit limits from lshttpd. Create a systemd override on the service:

systemctl edit lshttpd.service     # or: systemctl edit lsws.service

Add:

[Service]
LimitCORE=infinity

Then reload systemd and restart LiteSpeed (this respawns all lsphp workers so they pick up the new limit):

systemctl daemon-reload
systemctl restart lshttpd # or: /usr/local/lsws/bin/lswsctrl restart

⚠️ If LiteSpeed is not managed by systemd (started directly via lswsctrl), set the limit in the startup environment instead — add ulimit -c unlimited to /usr/local/lsws/bin/lswsctrl before the start logic, or to the init script that launches it, then restart with lswsctrl restart.

2. Set the kernel core pattern

Define where the kernel writes cores and how they're named. Add to /etc/sysctl.conf:

kernel.core_pattern = /tmp/core-%e.%p.%h.%t

The placeholders expand to %e executable name, %p PID, %h hostname, and %t timestamp. Apply it without rebooting:

sysctl -p

💡 Why /tmp? lsphp runs as the site's unprivileged suEXEC user, so the destination must be writable by that user. /tmp (sticky, world‑writable) is the most reliable target across many accounts. See the CloudLinux note below if you use CageFS.

3. Ensure the dump directory is writable by the lsphp users

If you point the pattern at a dedicated directory instead of /tmp, make it world‑writable with the sticky bit so any suEXEC user can write but only owners can delete:

mkdir -p /var/log/lsphp-cores
chmod 1777 /var/log/lsphp-cores

…and update kernel.core_pattern in step 2 to /var/log/lsphp-cores/core-%e.%p.%h.%t, then re‑run sysctl -p.

⚠️ cPanel + CloudLinux / CageFS: Each account runs inside its own virtualized filesystem, so a core written to /tmp lands in that account's /tmp (/home/virtfs/<user>/tmp/ from the host). Keeping the pattern in /tmp is simplest. If you target a custom host path, add it to CageFS and remount:

echo "/var/log/lsphp-cores" >> /etc/cagefs/cagefs.mp
cagefsctl --remount-all

Note that an absolute kernel.core_pattern is a host‑level setting and applies to all accounts.

4. Test that core dumps are generated

Find a running lsphp worker and send it SIGSEGV (signal 11). LiteSpeed respawns lsphp on the next request — no lasting impact:

ps aux | grep lsphp | grep -v grep
kill -11 <PID>

Confirm a core file appeared (check the account's /tmp on CloudLinux):

ls -lh /tmp/core-*            # or: ls -lh /var/log/lsphp-cores/

You should see a file like core-lsphp.12345.web01.1719600000. If nothing appears, re‑check steps 1–3 — most often LimitCORE wasn't applied because LiteSpeed was not fully restarted, or the destination isn't writable by the suEXEC user.

Submitting a core dump to Monarx

Core files can be large — compress before sending:

gzip /tmp/core-lsphp.12345.web01.1719600000

Send the compressed file to support@monarx.com or via the dashboard chat, and include:

  • The PHP version (/usr/local/lsws/lsphp83/bin/php -v, adjusting for your version)

  • The operating system / panel (e.g. cPanel + CloudLinux 9)

  • The LiteSpeed edition (Enterprise or OpenLiteSpeed)

Monarx engineering will run a backtrace analysis, identify the root cause, and recommend a fix.

Did this answer your question?