On Fri, Oct 03, 2008 at 02:37:28PM -0700, Jordan Brown wrote:
> Nick is trying to isolate virtual systems, not users.  I've seen this 

That was, obviously, not the impression tat I got.  It's trivial to
separate virtual systems by just running them in zones.  But if I
misread what Nick was asking, then you're right, we should respond with
documentation on how to setup zones and so on (that documentation
exists, of course, and can easily be found online; I suspect Google
knows all about it).

I think the mention of zone_enter() is what made me think take Nick's
question quite literally.  That is, I assumed that zones newbie would
not have known about zone_enter(), therefore I assumed Nick is not a

> problem on my personal hosting providers - my CGI scripts run as the 
> same user as everybody else's, in the same file system.  We'd better all 
> trust each other.  That's OK for cheesy little personal sites, but not 
> so good for real businesses.

I agree.

> It's quite possible that the IP address alone is enough to determine 
> which zone the server should run in, in which case you could probably do 
> the zone_enter before the listen().  Even without that, the host name 
> (HTTP "Host:" header) is enough, so you could do the zone_enter() early 
> in HTTP processing.

My wife's web sites (she used to seel clothing and now sells editing
services) all run on separate addresses.  Her hosting provider obviously
gets it right.

Note: the domainname used by the client in its HTTP request is available
ONLY with HTTP/1.1.  IIUC HTTP/1.0 still must be supported (die,
HTTP/1.0, die!).

> I agree with Dan that the savings here are questionable over simply 
> running separate Apaches in each zone.  [...]

I agree.

zones-discuss mailing list

Reply via email to