Why Wouldn't Root Be Able to Change a Zone's IP Address in Oracle Solaris 11?

Posted by rickramsey on Oracle Blogs See other posts from Oracle Blogs or by rickramsey
Published on Mon, 18 Aug 2014 15:40:14 +0000 Indexed on 2014/08/18 22:27 UTC
Read the original article Hit count: 314

Filed under:




You might assume that if you have root access to an Oracle Solaris zone, you'd be able to change the root's IP address. If so, you'd proceed along these lines ...


  1. First, you'd log in:
  2. root@global_zone:~# zlogin user-zone
  3. Then you'd remove the IP interface:
  4. root@user-zone:~# ipadm delete-ip vnic0
  5. Next, you'd create a new IP interface:
  6. root@user-zone:~# ipadm create-ip vnic0
  7. Then you'd assign the IP interface a new IP address (10.0.0.10):
  8. root@user-zone:~# ipadm create-addr -a local=10.0.0.10/24 vnic0/v4
    ipadm: cannot create address: Permission denied




Why would that happen? Here are some potential reasons:

  • You're in the wrong zone
  • Nobody bothered to tell you that you were fired last week.
  • The sysadmin for the global zone (probably your ex-girlfriend) enabled link protection mode on the zone with this sweet little command:
  • root@global_zone:~# dladm set-linkprop -p \ protection=mac-nospoof,restricted,ip-nospoof vnic0

How'd your ex-girlfriend learn to do that? By reading this article:

Securing a Cloud-Based Data Center with Oracle Solaris 11

by Orgad Kimchi, Ron Larson, and Richard Friedman

When you build a private cloud, you need to protect sensitive data not only while it's in storage, but also during transmission between servers and clients, and when it's being used by an application. When a project is completed, the cloud must securely delete sensitive data and make sure the original data is kept secure. These are just some of the many security precautions a sysadmin needs to take to secure data in a cloud infrastructure. Orgad, Ron, and Richard and explain the rest and show you how to employ the security features in Oracle Solaris 11 to protect your cloud infrastructure. Part 2 of a three-part article on cloud deployments that use the Oracle Solaris Remote Lab as a case study.

About the Photograph

That's the fence separating a small group of tourist cabins from a pasture in the small town of Tropic, Utah.

Follow Rick on:
Personal Blog | Personal Twitter | Oracle Forums
  Follow OTN Garage on:
Web | Facebook | Twitter | YouTube

© Oracle Blogs or respective owner

Related posts about /Solaris