User IDs for system services

Updated: April 19, 2023

For best security, after system startup, all services should be running with their own unique user and group IDs.

This practice has several benefits:

Resource managers that run with non-root user IDs still need privileges that are usually available only to user ID 0 (root). There are two ways to grant these privileges to resource managers not running as root:

After system startup, you can check that all processes are non-root by using the pidin utility. You can also use pidin to verify that they have not retained the setuid ability, which would permit them to revert to root.
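As an added example (not part of the original documentation), the following shell function automates the first of those checks: it reads a process table and reports every process that still has 0 as its real, effective or saved user ID. It assumes the table comes from the `pidin users` view with a header row naming `pid`, `name`, `uid`, `euid` and `suid`; the function names and the sample table are constructed for illustration, and checking the setuid ability itself is not covered.

```shell
#!/bin/sh
# Added example (not from the QNX documentation): report processes that still
# hold user ID 0 as their real, effective or saved user ID.
# Assumption: input is a table with a header row naming pid, name, uid, euid
# and suid columns, as the `pidin users` view is assumed to print. Columns are
# located by header name; process names are assumed to contain no whitespace.
find_root_procs() {
    awk '
    NR == 1 {
        for (i = 1; i <= NF; i++) col[tolower($i)] = i
        if (!("pid" in col) || !("name" in col) || !("uid" in col)) {
            print "unrecognised header: " $0 > "/dev/stderr"
            bad = 1
            exit
        }
        n = split("uid euid suid", keys, " ")
        next
    }
    NF == 0 { next }
    {
        why = ""
        for (k = 1; k <= n; k++) {
            c = (keys[k] in col) ? col[keys[k]] : 0
            if (c && $c ~ /^0+$/) why = why (why == "" ? "" : ",") keys[k]
        }
        if (why != "") { print $(col["pid"]), $(col["name"]), why; found = 1 }
    }
    # Exit status: 0 = no root IDs seen, 1 = at least one, 2 = unusable input.
    END { exit bad ? 2 : (found ? 1 : 0) }
    '
}

# Constructed sample table (hypothetical process names and IDs).
sample_pidin_users() {
    cat <<'EOF'
     pid name               uid  gid euid egid suid sgid
       1 init-demo            0    0    0    0    0    0
    4101 io-demo             21   21   21   21   21   21
    8200 devc-demo           35   35   35   35    0   35
EOF
}

# On a target: pidin users | find_root_procs
sample_pidin_users | find_root_procs || true
```

The exit status makes the function usable as a post-boot gate: a non-zero result means at least one process needs attention or the table could not be parsed.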