Steps for setting up security procedures for daemons

Before you begin: You need to assume the following:

You want the added system integrity of having BPX.DAEMON defined.
Daemons will share the OMVSKERN user ID and be started from /etc/rc.

Perform the following steps to define and start daemons.

Define the group OMVSGRP.
```
ADDGROUP
OMVSGRP OMVS(GID(1))
```
_______________________________________________________________
Define the user OMVSKERN.
```
ADDUSER OMVSKERN DFLTGRP(OMVSGRP)
OMVS(UID(0) HOME('/') PROGRAM('/bin/sh'))
NOPASSWORD 
```
NOPASSWORD indicates that OMVSKERN is a protected user ID; it cannot be used to enter the system by using a password or password phrase. The user ID will not be revoked due to invalid logon attempts.

_______________________________________________________________
Add the daemon cataloged procedure to the RACF® STARTED class or the Started Procedure table, module ICHRIN03. Do not make it trusted. See Steps for preparing RACF.
_______________________________________________________________
Create the BPX.DAEMON FACILITY class profile.
```
RDEFINE FACILITY
BPX.DAEMON UACC(NONE)
```
_______________________________________________________________
Grant daemon authority to the kernel.
```
PERMIT BPX.DAEMON
CLASS(FACILITY) ID(OMVSKERN) ACCESS(READ)
```
_______________________________________________________________
Activate program control if you have not already done so and ensure that the daemon programs and Language Environment® runtime library are in a library that is controlled by z/OS.
```
SETROPTS WHEN(PROGRAM)
RDEFINE PROGRAM * ADDMEM
('CEE.SCEERUN'/RTLPAK/NOPADCHK
'SYS1.LINKLIB'/'******'/NOPADCHK) UACC(READ)
SETROPTS WHEN(PROGRAM) REFRESH
```
Change RTLPAK to the pack that the PDS resides on.
Tip: You can use PROGRAM PROFILE ** instead of PROGRAM PROFILE *.

_______________________________________________________________

When you are done, you have set up and defined daemons.