When trying to update root's or other system user's passwords on all machines configured to our master PMD, some remote nodes fail to update the password with the error "ERROR: Failed to update USER USER1 (10023) Cannot add/update/delete an untouchable user (5122). Many other account passwords are updated appropriately.
An untouchable user is considered any system user that has a UID or GID not found within the allowed range defined in the seos.ini and seos service will not modify these users.
Default range is
AllowedUidRange = 100, 30000
AllowedGidRange = 100, 30000
Edit the seos.ini on the specific endpoint to increase the range of UID/GID that seos services can administrator using one of the following methods.
The following two tokens can be updated to include root user UID "0" using a "-1" as the starting value.
Modify the seos.ini directly
[passwd]
AllowedUidRange = -1,30000
AllowedGidRange = -1,30000
To update the seos.ini without stopping seos services
$SEOSDIR/bin/seini -s passwd.AllowedUidRange -1,30000
$SEOSDIR/bin/seini -s passwd.AllowedGidRange -1,30000
The following rules can be added to be pushed to all endpoints in the PMD structure
env config; er config seos.ini section(passwd) token(AllowedzUidRange) value("-1,30000")
env config; er config seos.ini section(passwd) token(AllowedGidRange) value("-1,30000")
As documented in the product manuals, the applied lower limit for any number is +1 of the specified lower limit. For example, if AllowedGidRange = 100, 30000, then 101 is treated as the lower limit.