mirror of https://github.com/mkerrisk/man-pages
user-keyring.7: Various reworking and improvements
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 3079720351
commit f6993c8cde
|
@ -18,29 +18,29 @@ Each UID the kernel deals with has its own user keyring.
|
||||||
This keyring is associated with the record that the kernel maintains
|
This keyring is associated with the record that the kernel maintains
|
||||||
for the UID and, once created, is retained as long as that record persists.
|
for the UID and, once created, is retained as long as that record persists.
|
||||||
It is shared amongst all processes of that UID.
|
It is shared amongst all processes of that UID.
|
||||||
.P
|
|
||||||
The user keyring is created on demand when a thread requests it.
|
The user keyring is created on demand when a thread requests it.
|
||||||
Normally,
|
Normally, this happens when
|
||||||
this happens when
|
|
||||||
.BR pam_keyinit (8)
|
.BR pam_keyinit (8)
|
||||||
is invoked when a user logs in.
|
is invoked when a user logs in.
|
||||||
.P
|
|
||||||
The user keyring is not searched by default by
|
The user keyring is not searched by default by
|
||||||
.BR request_key (2).
|
.BR request_key (2).
|
||||||
When
|
When
|
||||||
.BR pam_keyinit (8)
|
.BR pam_keyinit (8)
|
||||||
creates a session keyring, it adds to it a link to the user
|
creates a session keyring, it adds to it a link to the user
|
||||||
keyring so that the user keyring will be searched when the session keyring is.
|
keyring so that the user keyring will be searched when the session keyring is.
|
||||||
.P
|
|
||||||
A special serial number value,
|
A special serial number value,
|
||||||
.BR KEY_SPEC_USER_KEYRING ,
|
.BR KEY_SPEC_USER_KEYRING ,
|
||||||
is defined that
|
is defined that can be used in lieu of the actual serial number of
|
||||||
can be used in lieu of the calling process's user keyring's actual serial
|
the calling process's user keyring.
|
||||||
number.
|
|
||||||
.P
|
From the
|
||||||
From the keyctl utility, '\fB@u\fP' can be used instead of a numeric key ID in
|
.BR keyctl (1)
|
||||||
|
utility, '\fB@u\fP' can be used instead of a numeric key ID in
|
||||||
much the same way.
|
much the same way.
|
||||||
.P
|
|
||||||
User keyrings are independent of
|
User keyrings are independent of
|
||||||
.BR clone (2),
|
.BR clone (2),
|
||||||
.BR fork (2),
|
.BR fork (2),
|
||||||
|
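Review bot: In the reworded keyctl sentence near the end of this hunk, the new line "utility, '\fB@u\fP' can be used instead of a numeric key ID in" still sets @u with inline \fB...\fP escapes inside ASCII quotes, while the line added just above it uses the macro form ".BR keyctl (1)". Consider putting @u on its own ".B @u" line so the markup is consistent within the sentence. Separately, the merged line "Normally, this happens when" followed by "is invoked when a user logs in." leaves two "when" clauses in one sentence, which could be reworded while this paragraph is being touched.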
@ -51,9 +51,10 @@ and
|
||||||
excepting that the keyring is destroyed when the UID record is destroyed when
|
excepting that the keyring is destroyed when the UID record is destroyed when
|
||||||
the last process pinning it exits.
|
the last process pinning it exits.
|
||||||
.P
|
.P
|
||||||
If it necessary to for a key associated with a user to exist beyond the UID
|
If it is necessary for a key associated with a user to exist beyond the UID
|
||||||
record being garbage collected - for example for use by a cron script - then
|
record being garbage collected\(emfor example, for use by a
|
||||||
the
|
.BR cron (8)
|
||||||
|
script\(emthen the
|
||||||
.BR persistent-keyring (7)
|
.BR persistent-keyring (7)
|
||||||
should be used instead.
|
should be used instead.
|
||||||
.P
|
.P
|
||||||
|
|
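Review bot: On the new lines "script\(emthen the", ".BR persistent-keyring (7)", "should be used instead.", the sentence renders as "then the persistent-keyring(7) should be used instead", which treats a manual page reference as if it were the name of the object. Something like "then a persistent keyring (see persistent-keyring(7)) should be used instead" would read better. The unchanged context sentence just above, "excepting that the keyring is destroyed when the UID record is destroyed when the last process pinning it exits", still chains two "when" clauses and is hard to parse, so it may be worth tidying in the same pass since it states the keyring's lifetime.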