The Geek Diary

How to delegate NTP service to non-global zone in Solaris

By admin

A system with non-global zones shares one kernel across all zones (the global zone as well as all configured non-global zones). As a result, there is only one date/time on the entire system, and this time is usually controlled by the global zone only. By default, the privilege to change the date and time is not available inside a non-global zone, and therefore an NTP service running there will fail to adjust the time.

The default configuration for non-global zones assumes that time synchronization is done in the global zone and that there is no need to adjust the system time from inside a non-global zone. If the administrator of a non-global zone is able to change the system time, these changes affect all running zones (including the global zone), and this may be considered a security risk.

The time synchronization can be delegated to a non-global zone if required. Please keep in mind that multiple time adjustments from different sources will likely cause problems and that only one zone should run the NTP service. If you want to delegate the NTP synchronization to a non-global zone then it is recommended to disable the NTP service in the global zone.

As mentioned above, the ability to adjust the time is controlled by a Solaris privilege. The privilege is called sys_time, and its description can be viewed with the ppriv command:

# ppriv -lv sys_time
sys_time
        Allows a process to manipulate system time using any of the
        appropriate system calls: stime, adjtime, ntp_adjtime and
        the IA specific RTC calls.

If you are unsure whether the sys_time privilege is currently available to you, run the following command (as root) to check:

# ppriv -v $$ | grep sys_time

By default the command shows output only in the global zone, not in any non-global zone, because the sys_time privilege is not assigned to non-global zones. Starting with Solaris 10 Update 3 (11/06), the available privileges of a non-global zone can be changed with the limitpriv property of the zonecfg command. In the default configuration the limitpriv setting is empty:

global-zone# zonecfg -z zonename info limitpriv
limitpriv:

If you want to add the sys_time privilege to a zone, use the zonecfg command to modify the property and then reboot the zone to activate the change:

global-zone# zonecfg -z zonename set limitpriv="default,sys_time"
global-zone# zoneadm -z zonename reboot

Once the sys_time privilege is available in the non-global zone, you can continue to set up NTP as usual, i.e. configure the /etc/ntp.conf file and enable the ntp service.
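
Because any zone holding sys_time can change the clock for every zone, it is worth auditing which zones have been given it. The script below is an added example, not part of the original article: it parses the output of zonecfg info limitpriv and reports a finding when more than one zone holds the privilege. The function names and the sample zone names (web01, db01) are constructed for illustration, and the handling of excluded privileges (!name or -name) is an assumption based on the limitpriv syntax in zonecfg(1M).

```shell
#!/bin/sh
# Added example: audit which zones are allowed to set the shared system clock.

# limitpriv_value: strip the "limitpriv:" label from one line of
# `zonecfg -z <zone> info limitpriv` output, leaving the privilege list.
limitpriv_value() {
    printf '%s\n' "$1" | sed -n 's/^ *limitpriv: *//p'
}

# grants_sys_time: succeed if a limitpriv value leaves sys_time granted.
# Tokens are read left to right; "!sys_time" or "-sys_time" revokes it again
# (assumed syntax). The keyword "all" is not interpreted here.
grants_sys_time() {
    verdict=$(printf '%s\n' "$1" | tr ',' '\n' | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "sys_time" { g = 1 }
        $0 == "!sys_time" || $0 == "-sys_time" { g = 0 }
        END { print (g ? "yes" : "no") }')
    [ "$verdict" = yes ]
}

# audit_zones: read "<zonename> <zonecfg output line>" pairs on stdin, print the
# zones that hold sys_time, and fail if more than one zone can set the time.
audit_zones() {
    holders=""
    while read -r zone info; do
        if grants_sys_time "$(limitpriv_value "$info")"; then
            holders="$holders $zone"
        fi
    done
    set -- $holders
    echo "zones holding sys_time: ${*:-none}"
    [ $# -le 1 ]
}

# On a real global zone the input would be collected like this:
#   for z in $(zoneadm list -c | grep -v '^global$'); do
#       printf '%s %s\n' "$z" "$(zonecfg -z "$z" info limitpriv)"
#   done | audit_zones
# Constructed sample input so the script runs anywhere:
printf '%s\n' \
    'web01 limitpriv: default,sys_time' \
    'db01 limitpriv:' |
    audit_zones || echo "finding: more than one zone can change the system time"
```

If a zone is listed, also confirm that the NTP service is disabled in the global zone, since only one zone should be adjusting the time.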

Filed Under: Zones

© 2019 · The Geek Diary