When trying to update root's or other system user's passwords on all machines configured to our master PMD, some remote nodes fail to update the password with the error "ERROR: Failed to update USER USER1 (10023) Cannot add/update/delete an untouchable user (5122). Many other account passwords are updated appropriately.

An untouchable user is considered any system user that has a UID or GID not found within the allowed range defined in the seos.ini and seos service will not modify these users.

Default range is

AllowedUidRange = 100, 30000

AllowedGidRange = 100, 30000

Edit the seos.ini on the specific endpoint to increase the range of UID/GID that seos services can administrator using one of the following methods.

The following two tokens can be updated to include root user UID "0" using a "-1" as the starting value.

Modify the seos.ini directly 

   [passwd]

   AllowedUidRange = -1,30000
   AllowedGidRange = -1,30000

To update the seos.ini without stopping seos services

   $SEOSDIR/bin/seini -s passwd.AllowedUidRange -1,30000
   $SEOSDIR/bin/seini -s passwd.AllowedGidRange -1,30000

The following rules can be added to be pushed to all endpoints in the PMD structure

   env config; er config seos.ini section(passwd) token(AllowedzUidRange) value("-1,30000")

   env config; er config seos.ini section(passwd) token(AllowedGidRange) value("-1,30000")

As documented in the product manuals, the applied lower limit for any number is +1 of the specified lower limit. For example, if AllowedGidRange = 100, 30000, then 101 is treated as the lower limit.