Untouchable Error When Join a User to a Group in Selang
search cancel

Untouchable Error When Join a User to a Group in Selang

book

Article ID: 379757

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

An administrator is using selang to add users to groups that also exist natively. When trying to add the users to certain groups, selang gives an error about the group being untouchable.

AC> join selangtest group(unixgroup) unix
(localhost)
Successfully joined USER selangtest to group unixgroup
(localhost)
Unix :
======
ERROR: Failed to update GROUP unixgroup
Cannot add/update/delete an untouchable group

Environment

Privileged Identity Manager, 12.8
PAM Server Control, 14.x

Cause

The GID for the group is not within the AllowedGidRange value in seos.ini, so the group is untouchable.

Resolution

In order to update the token without having to stop the endpoint and manually update seos.ini, the following command can be used in selang. A value of "10,30000" was used in this example, but the value should be changed to fit the environment's need.

AC> env config; er config section(passwd) token(AllowedGidRange) value("10,30000")