z/OS Security Server RACF Security Administrator's Guide


Preparing the address space of the RACF subsystem

SA23-2289-00

  • Add an OMVS segment to the user ID and an OMVS segment to the default group of the RACF® subsystem address space. Use the output of the SET LIST command to identify the user ID of the RACF subsystem.

    You can specify the UID and GID values of your choice by explicitly assigning a unique UID with the UID operand of the ALTUSER command, and by explicitly assigning a GID using the GID operand of the ALTGROUP command.

    Alternatively, use the AUTOUID and AUTOGID keywords to automatically assign a unique UID and GID. (For setup instructions, see Enabling automatic assignment of unique UNIX identities.) For example, if the RACF subsystem runs under the user ID RACFSUB whose default group is STCGRP, execute the following commands to add OMVS segments:

    Example:
    ALTUSER RACFSUB OMVS(AUTOUID HOME(/) PROGRAM(/bin/sh))
    ALTGROUP STCGRP OMVS(AUTOGID)
  • If the RACF subsystem identity does not have the TRUSTED or PRIVILEGED attribute, it will require the necessary FACILITY class authorization in order to extract certificates from a key ring. (The certificate setup is described in Generating an X.509 V3 certificate for the RACF address space.)
    RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
    PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(RACFSUB) ACCESS(READ)

    You might already be protecting this resource, perhaps with a generic profile. Modify this step as needed for your environment.

    Guideline: If your installation uses RACF remote sharing facility (RRSF), assign the TRUSTED attribute to the RACF address space user ID.
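To confirm the result of the steps above, the following REXX exec (an added example, not part of the IBM text) runs the corresponding RACF list commands under TSO/E and reports which checks fail. It assumes the RACFSUB and STCGRP names from the example; the FACILITY check applies only when the subsystem identity is not TRUSTED or PRIVILEGED and is permitted by user ID rather than through a group.

```rexx
/* REXX - added example: verify the setup described above.           */
/* RACFSUB and STCGRP are the example names used on this page;       */
/* substitute the values reported by SET LIST at your installation.  */
user  = 'RACFSUB'
group = 'STCGRP'
fails = 0

/* The OMVS segment listing must show a UID= line for the user and   */
/* a GID= line for the group.                                        */
fails = fails + check('LISTUSER' user 'OMVS NORACF', 'UID=')
fails = fails + check('LISTGRP' group 'OMVS NORACF', 'GID=')

/* The subsystem user ID must appear in the profile that RLIST       */
/* displays for IRR.DIGTCERT.LISTRING. A match on the owner field    */
/* also counts here, so read the access list if the owner is the     */
/* same user ID.                                                     */
fails = fails + check('RLIST FACILITY IRR.DIGTCERT.LISTRING AUTHUSER', user)

if fails = 0 then say 'All checks passed.'
else say fails 'check(s) failed; review the output above.'
exit fails

/* Run one RACF command, trap its output, and look for the expected  */
/* string. Returns 0 if the command ended with RC 0 and the string   */
/* was found, otherwise prints the trapped output and returns 1.     */
check: procedure
  parse arg cmd, expect
  call outtrap 'line.'
  address TSO cmd
  cmdrc = rc
  call outtrap 'OFF'
  found = 0
  do i = 1 to line.0
    if pos(expect, line.i) > 0 then found = 1
  end
  if cmdrc = 0 & found then do
    say 'OK    ' cmd
    return 0
  end
  say 'FAILED' cmd '(RC='cmdrc')'
  do i = 1 to line.0
    say '   ' line.i
  end
  return 1
```

If the FACILITY class is RACLISTed at your installation, issue SETROPTS RACLIST(FACILITY) REFRESH after the PERMIT so that the change takes effect.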





Copyright IBM Corporation 1990, 2014