The OWCIMOMD process changes the fsuid (file system UID) of the threads as they execute provider code. However, these providers run in the same process space as OWCIMOMD, which runs as root. The fsuid change is done for convenience of the providers so that they can determine the access that a user has to the file system. This fsuid change provides only a minimal level of security. For security purposes, the providers should be considered as running as root.
IMPORTANT:Because CIM providers must run as root they should be monitored for attacks.
For example, look in syslog files to find odd patterns of behavior or malicious activity. In addition, if CIM or its providers do security logging, look at those log files as well.