
Chapter 3: Establish security for z/OS U... > z/OS UNIX level security for daemons - Pg. 154

Note: The important point about the setuid instruction is that, in a z/OS environment, it resets the whole security profile of the forked address space. The UID is set to the requester's UID and the current RACF user ID information (the ACEE) is changed to BOB to complement the UID. The requester's task therefore runs with access to both the UNIX and z/OS resources (data sets) owned by BOB.

3.19 z/OS UNIX level security for daemons

With z/OS UNIX, there are two levels of security you can provide that are higher than UNIX-level security, as follows:

- BPX.DAEMON defined in the RACF FACILITY class; see 3.19.1, "BPX.DAEMON FACILITY class profile" on page 154.
  - RACF program control protection
- RACF running with enhanced program security, BPX.DAEMON defined and BPX.MAINCHECK defined. BPX.MAINCHECK is introduced with z/OS V1R4. You can use BPX.MAINCHECK for any privileged z/OS UNIX application that requires a program controlled environment, because the application uses a privileged z/OS UNIX service that requires one. An example is the __passwd() service, which is used by applications such as telnet and rlogin. See 3.19.3, "Enhanced program security mode z/OS V1R4" on page 158.
  - RACF program control protection

3.19.1 BPX.DAEMON FACILITY class profile
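The two levels listed in 3.19, sketched as RACF commands issued from a REXX exec under TSO. This is an added example, not taken from the book: the user ID DAEMONID and the choice of SYS1.LINKLIB as the program-controlled library are assumptions, and switching RACF itself into enhanced program security mode (the subject of 3.19.3) is not shown.

```rexx
/* REXX - added example; run under TSO by a RACF SPECIAL user.        */
/* DAEMONID is a hypothetical daemon user ID (assumption).            */
daemon = "DAEMONID"

/* Level 1: BPX.DAEMON in the FACILITY class. UACC(NONE) plus an      */
/* explicit PERMIT means only the listed daemon user ID has READ.     */
call run "SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)"
call run "RDEFINE FACILITY BPX.DAEMON UACC(NONE)"
call run "PERMIT BPX.DAEMON CLASS(FACILITY) ID(" || daemon || ") ACCESS(READ)"

/* RACF program control protection (listed under both levels).        */
/* If a PROGRAM * profile already exists, use RALTER, not RDEFINE.    */
call run "RDEFINE PROGRAM * ADDMEM('SYS1.LINKLIB'//NOPADCHK) UACC(READ)"
call run "SETROPTS WHEN(PROGRAM)"
call run "SETROPTS WHEN(PROGRAM) REFRESH"

/* Level 2 additionally needs BPX.MAINCHECK defined (z/OS V1R4 and    */
/* later) with RACF running in enhanced program security mode.        */
call run "RDEFINE FACILITY BPX.MAINCHECK UACC(NONE)"

/* Make the FACILITY changes effective, then review the result:       */
/* AUTHUSER shows the access list, so unexpected entries stand out.   */
call run "SETROPTS RACLIST(FACILITY) REFRESH"
call run "RLIST FACILITY BPX.DAEMON AUTHUSER"
call run "RLIST FACILITY BPX.MAINCHECK AUTHUSER"
exit 0

/* Issue one TSO command and report any non-zero return code.         */
run: procedure
  parse arg cmd
  address tso cmd
  if rc <> 0 then say "RC=" || rc "from:" cmd
  return rc
```

The access list printed by RLIST is the thing to audit: every user ID with READ to BPX.DAEMON can run work under another identity, as the setuid note above describes.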