Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Superuser authority z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can assign superuser authority in three ways:
You might choose to assign a UID of 0 to multiple RACF® user IDs. However, you should minimize the number of users you assign the UID of 0 because a user with a UID of 0 can perform any z/OS UNIX function and passes all z/OS UNIX security checks. Guideline: Instead of assigning a UID of 0, set z/OS UNIX user limits and manage superuser privileges through UNIXPRIV profiles. See Using UNIXPRIV class profiles to manage z/OS UNIX privileges for more information. For additional details, see "Defining superusers with appropriate privileges" in z/OS UNIX System Services Planning. Users running with the trusted or privileged attribute (for example, started tasks or jobs assigned by a RACROUTE REQUEST=VERIFY exit) are considered z/OS UNIX superusers even if their assigned UID is a value other than 0. |
Copyright IBM Corporation 1990, 2014
|