Superuser authority
- Using resource profiles in the UNIXPRIV class (preferred method).
- Using the BPX.SUPERUSER resources in the FACILITY class.
- Assigning a UID of 0 (least desirable method).
You might choose to assign a UID of 0 to multiple RACF® user IDs. However, you should minimize the number of users you assign the UID of 0 because a user with a UID of 0 can perform any z/OS UNIX function and passes all z/OS UNIX security checks.
Guideline: Instead of assigning a UID of 0, set z/OS UNIX user limits and manage superuser privileges through UNIXPRIV profiles. See Using UNIXPRIV class profiles to manage z/OS UNIX privileges for more information.
For additional details, see "Defining superusers with appropriate privileges" in z/OS UNIX System Services Planning.
Users running with the trusted or privileged attribute (for example, started tasks or jobs assigned by a RACROUTE REQUEST=VERIFY exit) are considered z/OS UNIX superusers even if their assigned UID is a value other than 0.