z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Superuser authority

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can assign superuser authority in three ways:
  • Using resource profiles in the UNIXPRIV class (preferred method).
  • Using the BPX.SUPERUSER resources in the FACILITY class.
  • Assigning a UID of 0 (least desirable method).

You might choose to assign a UID of 0 to multiple RACF® user IDs. However, you should minimize the number of users you assign the UID of 0 because a user with a UID of 0 can perform any z/OS UNIX function and passes all z/OS UNIX security checks.

Guideline: Instead of assigning a UID of 0, set z/OS UNIX user limits and manage superuser privileges through UNIXPRIV profiles. See Using UNIXPRIV class profiles to manage z/OS UNIX privileges for more information.

For additional details, see "Defining superusers with appropriate privileges" in z/OS UNIX System Services Planning.

Users running with the trusted or privileged attribute (for example, started tasks or jobs assigned by a RACROUTE REQUEST=VERIFY exit) are considered z/OS UNIX superusers even if their assigned UID is a value other than 0.

Parent topic: Defining user identifiers (UIDs)

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014