Assigning a UID of 0

Although sometimes appropriate, the least desirable method of defining superusers is to assign a UID of 0 in the UID parameter in the OMVS segment of the ADDUSER or ALTUSER commands. In this environment, you risk entering commands that can damage the file system.

Tip: If you want to assign a UID of 0, also assign a secondary user ID with a nonzero UID for activities other than system management. For example, you would assign:

User ID    SMORG   UID(0)   - used for system maintenance
User ID    SMORG1  UID(7)   - used for regular programming

Example: In the following example, the ALTUSER command gives the user ID SMORG superuser authority, makes the root directory the home directory, and causes invocation of the shell in response to a TSO/E OMVS command. If the shell is to be installed, specify the HOME and PROGRAM parameters; if a shell is not to be installed, omit the HOME parameter. This user must be in a RACF® group, typically SYS1, and the group must have an OMVS GID associated with it.

ALTUSER   SMORG  OMVS(UID(0)  HOME('/')   PROGRAM('/bin/sh'))
ALTGROUP  SYS1   OMVS(GID(0))

You might choose to assign UID(0) to multiple RACF user IDs. However, try to minimize the use of UID(0). Assignment of UID(0) should be limited to the user associated with started procedures such as the OMVS kernel and the user who installs the ServerPac. It should be avoided for the user IDs belonging to the real users whenever possible.

Tip: If the SHARED.IDS profile is defined in the UNIXPRIV class, you might need to use the SHARED keyword because UID(0) is likely to be used by several IDs. For example:

ALTUSER SMORG OMVS(UID(0) SHARED HOME('/') PROGRAM('/bin/sh'))