An administrator is using selang to add users to groups that also exist natively. When trying to add the users to certain groups, selang gives an error about the group being untouchable.
AC> join selangtest group(unixgroup) unix
(localhost)
Successfully joined USER selangtest to group unixgroup
(localhost)
Unix :
======
ERROR: Failed to update GROUP unixgroup
Cannot add/update/delete an untouchable group
Privileged Identity Manager, 12.8
PAM Server Control, 14.x
The GID for the group is not within the AllowedGidRange value in seos.ini, so the group is untouchable.
In order to update the token without having to stop the endpoint and manually update seos.ini, the following command can be used in selang. A value of "10,30000" was used in this example, but the value should be changed to fit the environment's need.
AC> env config; er config section(passwd) token(AllowedGidRange) value("10,30000")