mirror of https://github.com/mkerrisk/man-pages
76 lines
2.4 KiB
Groff
76 lines
2.4 KiB
Groff
.\"
|
|
.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
|
|
.\" Written by David Howells (dhowells@redhat.com)
|
|
.\"
|
|
.\" %%%LICENSE_START(GPLv2+_SW_ONEPARA)
|
|
.\" This program is free software; you can redistribute it and/or
|
|
.\" modify it under the terms of the GNU General Public Licence
|
|
.\" as published by the Free Software Foundation; either version
|
|
.\" 2 of the Licence, or (at your option) any later version.
|
|
.\" %%%LICENSE_END
|
|
.\"
|
|
.TH "USER-SESSION-KEYRING" 7 2016-11-01 Linux "Linux Programmer's Manual"
|
|
.SH NAME
|
|
user-session-keyring \- per-user default session keyring
|
|
.SH DESCRIPTION
|
|
The user session keyring is a keyring used to anchor keys on behalf of a user.
|
|
Each UID the kernel deals with has its own user session keyring.
|
|
This keyring is associated with
|
|
the record that the kernel maintains for the UID and, once created,
|
|
is retained as long as that record persists.
|
|
It is shared amongst all processes of that UID.
|
|
|
|
The user session keyring is created on demand when a thread requests it
|
|
or when a thread asks for its
|
|
.BR session-keyring (7)
|
|
and that keyring doesn't exist.
|
|
In the latter case, a user session keyring will be created and,
|
|
if the session keyring wasn't to be created,
|
|
the user session keyring will be set as the process's actual session keyring.
|
|
|
|
The user session keyring is searched by
|
|
.BR request_key (2)
|
|
if the actual session keyring does not exist and is ignored otherwise.
|
|
|
|
A special serial number value,
|
|
.BR KEY_SPEC_USER_SESSION_KEYRING ,
|
|
is defined
|
|
that can be used in lieu of the actual serial number of
|
|
the calling process's user session keyring.
|
|
|
|
From the
|
|
.BR keyctl (1)
|
|
utility, '\fB@us\fP' can be used instead of a numeric key ID in
|
|
much the same way.
|
|
|
|
User session keyrings are independent of
|
|
.BR clone (2),
|
|
.BR fork (2),
|
|
.BR vfork (2),
|
|
.BR execve (2),
|
|
and
|
|
.BR _exit (2)
|
|
excepting that the keyring is destroyed when the UID record is destroyed
|
|
when the last process pinning it exits.
|
|
|
|
If a user session keyring does not exist when it is accessed,
|
|
it will be created.
|
|
|
|
Rather than relying on the user session keyring,
|
|
it is strongly recommended\(emespecially if the process
|
|
is running as root\(emthat a
|
|
.BR session-keyring (7)
|
|
be set explicitly, for example by
|
|
.BR pam_keyinit (8).
|
|
.SH SEE ALSO
|
|
.ad l
|
|
.nh
|
|
.BR keyctl (1),
|
|
.BR keyctl (3),
|
|
.BR keyrings (7),
|
|
.BR persistent\-keyring (7),
|
|
.BR process\-keyring (7),
|
|
.BR session\-keyring (7),
|
|
.BR thread\-keyring (7),
|
|
.BR user\-keyring (7)
|