PHP Sessions Failing Under OpenLiteSpeed Namespaces (CyberPanel + AlmaLinux 9)

Hi everyone,

I recently ran into a fairly subtle but impactful issue on a CyberPanel 2.4.4 server running OpenLiteSpeed on AlmaLinux 9.7, and I wanted to share the findings in case it helps others.

Symptoms

  • PHP applications (Adminer in my case) stuck in login loops
  • CSRF token errors even when “persistent login” was enabled
  • Errors like the following in the OLS error log:
    PHP Warning: session_start(): open(/var/lib/lsphp/sessions/lsphp74/...) failed: Read-only file system (30)
    
  • Host filesystem was not read-only and disk space was fine

Root Cause

OpenLiteSpeed namespace isolation mounts /var/lib as read‑only by default for security.
However, all lsphp versions ship with:

session.save_path = /var/lib/lsphp/sessions/lsphpXX/

Inside the namespace, this path is no longer writable, causing PHP sessions to fail in a way that looks like a permissions or filesystem problem, but isn’t.

Solution

  • Keep namespaces enabled (they’re a good security feature)
  • Enable .user.ini support in OLS (LSPHP_ENABLE_USER_INI=on)
  • Move PHP sessions to a writable per‑site path, for example:
    /home/<SITE>/tmp/sessions
    
    with ownership and permissions matching CyberPanel defaults
  • Restart lsws and lsphp workers

Once this was done, Adminer and other PHP apps worked normally.

Full Write‑Up

I documented the full debugging process, findings, and references on my website for those that are interested.

I’m not sure whether namespaces were enabled by default, via upgrade, or by configuration, but this setup likely affects all PHP sites when namespaces are in use.

Hopefully this saves someone else a lot of debugging time. Feedback or corrections welcome.
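
The session-path move described in the Solution steps, as an added example that is not part of the original post or of CyberPanel's tooling. The function names, the 700 default mode and the use of a .user.ini in the site's document root are assumptions; pass the owner and mode that match your panel's defaults.

```shell
#!/bin/sh
# Added example. Function names, the 700 default mode and the choice of
# DOCROOT/.user.ini as the config file are assumptions, not CyberPanel's own.

# setup_site_sessions SITE_HOME DOCROOT [OWNER[:GROUP]] [MODE]
setup_site_sessions() {
    site_home=$1; docroot=$2; owner=${3:-}; mode=${4:-700}
    sess_dir="$site_home/tmp/sessions"
    ini="$docroot/.user.ini"

    # Refuse a session directory inside the web root, where session
    # files could be served over HTTP.
    case "$sess_dir/" in
        "$docroot"/*) echo "refusing: $sess_dir is inside $docroot" >&2; return 2 ;;
    esac

    mkdir -p "$sess_dir" && chmod "$mode" "$sess_dir" || return 1
    if [ -n "$owner" ]; then chown "$owner" "$sess_dir" || return 1; fi

    # Idempotent rewrite: drop any earlier session.save_path line,
    # keep every other setting, append the new path.
    tmp="$ini.tmp.$$"
    {
        if [ -f "$ini" ]; then
            grep -v '^[[:space:]]*session\.save_path[[:space:]]*=' "$ini" || true
        fi
        printf 'session.save_path = "%s"\n' "$sess_dir"
    } > "$tmp" && mv "$tmp" "$ini"
}

# check_session_path INI: print the configured path. Returns 3 if it is
# under /var/lib (read-only inside the namespace even though the host
# shows it writable), 1 if unset or not a writable directory, else 0.
check_session_path() {
    p=$(sed -n 's/^[[:space:]]*session\.save_path[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$p" ] || return 1
    printf '%s\n' "$p"
    case "$p" in /var/lib/*) return 3 ;; esac
    [ -d "$p" ] && [ -w "$p" ]
}
```

When run as root, make sure the rewritten .user.ini stays readable by the site user, then restart lsws and the lsphp workers as in the steps above.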