Thanks to all who responded! I will press the vendor further about the 'need' to have UID(0), or the 'need' to have the abilty to have beyond the limit of concurrent processes set forth by MAXPROC(USER/SYS). I ALWAYS learn a little bit more than I did before from you all!
Thanks again! Steve Horein On Thu, 16 Mar 2006 13:36:19 -0600, Steve Horein <[EMAIL PROTECTED]> wrote: >Hello listers, >While installing an upgrade to a product, the instructions indicate to >assign UID(0) to an ID. The product in question involves running a Java >server, and the webserver task supporting the Java server likewise has this >requirement. When questioning Support for the product, it was mentioned that >in Topic 5.4.1 of z/OS V1R6.0 UNIX System Services Planning, bullet 3 >explains the reason: > >"5.4.1 What can superusers do? > >Superusers can do the following: > * Pass all security checks so that the superuser can access any file in >the file system. > * Manage processes > * Have an unlimited number of processes running concurrently. For a >started procedure, this is true only if it has a UID of 0. It is not true >for a trusted or privileged process with a different UID. > * Change identity from one UID to another. > * Use setrlimit() to increase any of the system limits for a process. > >The parent process propagates its UID and TRUSTED or PRIVILEGED attribute to >a forked child process. Thus, a UID of 0 is propagated to a forked child." > >Does this mean that a non UID(0) ID cannot have concurrently running >processes? I am not yet at z/OS 1.6, and the command D OMVS,A=ALL from my >system shows a number of processes from IDs that do not have a UID assigned >at all! Most do have a UID assigned, and most that have concurrent processed >do have UID(0). My goal is to have more unique IDs, and utilize either >UNIXPRIV or BPX.SUPERUSER. Will I get bit when I move to z/OS 1.6?! > >Thanks, >Steve Horein > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO >Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
