Why Wouldn't Root Be Able to Change a Zone's IP Address in Oracle Solaris 11?
Posted
by rickramsey
on Oracle Blogs
See other posts from Oracle Blogs
or by rickramsey
Published on Mon, 18 Aug 2014 15:40:14 +0000
Indexed on
2014/08/18
22:27 UTC
Read the original article
Hit count: 314
/Solaris
You might assume that if you have root access to an Oracle Solaris zone, you'd be able to change the root's IP address. If so, you'd proceed along these lines ...
- First, you'd log in:
- Then you'd remove the IP interface:
- Next, you'd create a new IP interface:
- Then you'd assign the IP interface a new IP address (10.0.0.10):
root@global_zone:~# zlogin user-zone
root@user-zone:~# ipadm delete-ip vnic0
root@user-zone:~# ipadm create-ip vnic0
root@user-zone:~# ipadm create-addr -a local=10.0.0.10/24 vnic0/v4
ipadm: cannot create address: Permission denied
Why would that happen? Here are some potential reasons:
- You're in the wrong zone
- Nobody bothered to tell you that you were fired last week.
- The sysadmin for the global zone (probably your ex-girlfriend) enabled link protection mode on the zone with this sweet little command:
root@global_zone:~# dladm set-linkprop -p \
protection=mac-nospoof,restricted,ip-nospoof vnic0
How'd your ex-girlfriend learn to do that? By reading this article:
Securing a Cloud-Based Data Center with Oracle Solaris 11
by Orgad Kimchi, Ron Larson, and Richard Friedman
When you build a private cloud, you need to protect sensitive data not only while it's in storage, but also during transmission between servers and clients, and when it's being used by an application. When a project is completed, the cloud must securely delete sensitive data and make sure the original data is kept secure. These are just some of the many security precautions a sysadmin needs to take to secure data in a cloud infrastructure. Orgad, Ron, and Richard and explain the rest and show you how to employ the security features in Oracle Solaris 11 to protect your cloud infrastructure. Part 2 of a three-part article on cloud deployments that use the Oracle Solaris Remote Lab as a case study.
About the Photograph
That's the fence separating a small group of tourist cabins from a pasture in the small town of Tropic, Utah.
Follow Rick on: Personal Blog | Personal Twitter | Oracle Forums | Follow OTN Garage on: Web | Facebook | Twitter | YouTube |
© Oracle Blogs or respective owner