2016-11-01 15:45:23 +00:00
|
|
|
.\"
|
|
|
|
|
.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
|
|
|
|
|
.\" Written by David Howells (dhowells@redhat.com)
|
|
|
|
|
.\"
|
2016-11-02 11:24:22 +00:00
|
|
|
.\" %%%LICENSE_START(GPLv2+_SW_ONEPARA)
|
2016-11-01 15:45:23 +00:00
|
|
|
.\" This program is free software; you can redistribute it and/or
|
|
|
|
|
.\" modify it under the terms of the GNU General Public Licence
|
|
|
|
|
.\" as published by the Free Software Foundation; either version
|
|
|
|
|
.\" 2 of the Licence, or (at your option) any later version.
|
2016-11-02 11:24:22 +00:00
|
|
|
.\" %%%LICENSE_END
|
2016-11-01 15:45:23 +00:00
|
|
|
.\"
|
2016-11-01 17:16:43 +00:00
|
|
|
.TH "USER-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual"
|
2016-11-01 15:45:23 +00:00
|
|
|
.SH NAME
|
2016-11-01 17:26:22 +00:00
|
|
|
user-keyring \- per-user keyring
|
2016-11-01 15:45:23 +00:00
|
|
|
.SH DESCRIPTION
|
2016-11-01 18:08:09 +00:00
|
|
|
The user keyring is a keyring used to anchor keys on behalf of a user.
|
2016-11-01 17:45:14 +00:00
|
|
|
Each UID the kernel deals with has its own user keyring.
|
|
|
|
|
This keyring is associated with the record that the kernel maintains
|
|
|
|
|
for the UID and, once created, is retained as long as that record persists.
|
|
|
|
|
It is shared amongst all processes of that UID.
|
2016-11-01 15:45:23 +00:00
|
|
|
.P
|
2016-11-01 17:45:14 +00:00
|
|
|
The user keyring is created on demand when a thread requests it.
|
|
|
|
|
Normally,
|
2016-11-01 18:08:09 +00:00
|
|
|
this happens when
|
|
|
|
|
.BR pam_keyinit (8)
|
|
|
|
|
is invoked when a user logs in.
|
2016-11-01 15:45:23 +00:00
|
|
|
.P
|
2016-11-01 17:45:14 +00:00
|
|
|
The user keyring is not searched by default by \fBrequest_key\fP().
|
2016-11-01 18:08:09 +00:00
|
|
|
When
|
|
|
|
|
.BR pam_keyinit (8)
|
|
|
|
|
creates a session keyring, it adds to it a link to the user
|
2016-11-01 15:45:23 +00:00
|
|
|
keyring so that the user keyring will be searched when the session keyring is.
|
|
|
|
|
.P
|
2016-11-01 18:08:09 +00:00
|
|
|
A special serial number value,
|
|
|
|
|
.BR KEY_SPEC_USER_KEYRING ,
|
|
|
|
|
is defined that
|
2016-11-01 15:45:23 +00:00
|
|
|
can be used in lieu of the calling process's user keyring's actual serial
|
|
|
|
|
number.
|
|
|
|
|
.P
|
|
|
|
|
From the keyctl utility, '\fB@u\fP' can be used instead of a numeric key ID in
|
|
|
|
|
much the same way.
|
|
|
|
|
.P
|
2016-11-01 18:08:09 +00:00
|
|
|
User keyrings are independent of
|
|
|
|
|
.BR clone (2),
|
|
|
|
|
.BR fork (2),
|
|
|
|
|
.BR vfork (2),
|
|
|
|
|
.BR execve (2),
|
|
|
|
|
and
|
2016-11-01 18:11:11 +00:00
|
|
|
.BR _exit (2)
|
2016-11-01 15:45:23 +00:00
|
|
|
excepting that the keyring is destroyed when the UID record is destroyed when
|
|
|
|
|
the last process pinning it exits.
|
|
|
|
|
.P
|
|
|
|
|
If it necessary to for a key associated with a user to exist beyond the UID
|
|
|
|
|
record being garbage collected - for example for use by a cron script - then
|
2016-11-01 18:08:09 +00:00
|
|
|
the
|
|
|
|
|
.BR persistent-keyring (7)
|
|
|
|
|
should be used instead.
|
2016-11-01 15:45:23 +00:00
|
|
|
.P
|
|
|
|
|
If a user keyring does not exist when it is accessed, it will be created.
|
|
|
|
|
.SH SEE ALSO
|
2016-11-01 17:12:21 +00:00
|
|
|
.ad l
|
|
|
|
|
.nh
|
2016-11-01 15:45:23 +00:00
|
|
|
.BR keyctl (1),
|
|
|
|
|
.BR keyctl (3),
|
|
|
|
|
.BR keyrings (7),
|
2016-11-01 17:12:21 +00:00
|
|
|
.BR persistent\-keyring (7),
|
|
|
|
|
.BR process\-keyring (7),
|
|
|
|
|
.BR session\-keyring (7),
|
|
|
|
|
.BR thread\-keyring (7),
|
|
|
|
|
.BR user\-session\-keyring (7),
|
|
|
|
|
.BR pam_keyinit (8)
|
