mirror of https://github.com/mkerrisk/man-pages
user-keyring.7: Various reworking and improvements
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 3079720351
commit f6993c8cde
|
@ -18,29 +18,29 @@ Each UID the kernel deals with has its own user keyring.
|
|||
This keyring is associated with the record that the kernel maintains
|
||||
for the UID and, once created, is retained as long as that record persists.
|
||||
It is shared amongst all processes of that UID.
|
||||
.P
|
||||
|
||||
The user keyring is created on demand when a thread requests it.
|
||||
Normally,
|
||||
this happens when
|
||||
Normally, this happens when
|
||||
.BR pam_keyinit (8)
|
||||
is invoked when a user logs in.
|
||||
.P
|
||||
|
||||
The user keyring is not searched by default by
|
||||
.BR request_key (2).
|
||||
When
|
||||
.BR pam_keyinit (8)
|
||||
creates a session keyring, it adds to it a link to the user
|
||||
keyring so that the user keyring will be searched when the session keyring is.
|
||||
.P
|
||||
|
||||
A special serial number value,
|
||||
.BR KEY_SPEC_USER_KEYRING ,
|
||||
is defined that
|
||||
can be used in lieu of the calling process's user keyring's actual serial
|
||||
number.
|
||||
.P
|
||||
From the keyctl utility, '\fB@u\fP' can be used instead of a numeric key ID in
|
||||
is defined that can be used in lieu of the actual serial number of
|
||||
the calling process's user keyring.
|
||||
|
||||
From the
|
||||
.BR keyctl (1)
|
||||
utility, '\fB@u\fP' can be used instead of a numeric key ID in
|
||||
much the same way.
|
||||
.P
|
||||
|
||||
User keyrings are independent of
|
||||
.BR clone (2),
|
||||
.BR fork (2),
|
||||
|
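Review bot: The rewritten sentence "Normally, this happens when" / ".BR pam_keyinit (8)" / "is invoked when a user logs in." now nests two "when" clauses on joining the lines; consider "Normally, this happens when a user logs in and pam_keyinit(8) is invoked", which says the same thing in a single clause. In the keyctl(1) sentence, "in much the same way" leaves the reader to infer that '@u' plays the role KEY_SPEC_USER_KEYRING plays in the previous sentence; saying so directly would make the paragraph self-contained.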
@ -51,9 +51,10 @@ and
|
|||
excepting that the keyring is destroyed when the UID record is destroyed when
|
||||
the last process pinning it exits.
|
||||
.P
|
||||
If it necessary to for a key associated with a user to exist beyond the UID
|
||||
record being garbage collected - for example for use by a cron script - then
|
||||
the
|
||||
If it is necessary for a key associated with a user to exist beyond the UID
|
||||
record being garbage collected\(emfor example, for use by a
|
||||
.BR cron (8)
|
||||
script\(emthen the
|
||||
.BR persistent-keyring (7)
|
||||
should be used instead.
|
||||
.P
|
||||
|
|
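Review bot: In the reworded final paragraph, "script\(emthen the" followed by ".BR persistent-keyring (7)" renders as "the persistent-keyring(7) should be used instead", with an article in front of a page reference; suggest "then a persistent keyring (see persistent-keyring(7)) should be used instead". The sentence just above it, "excepting that the keyring is destroyed when the UID record is destroyed when the last process pinning it exits", still chains two "when" clauses and could be tidied in the same pass, since it is the statement readers rely on to understand the lifetime of keys stored here.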