The  user keyring is a keyring used to anchor keys on behalf of a user.
       Each UID the kernel deals with has its own user keyring.  This  keyring
       is  associated  with  the  record that the kernel maintains for the UID
       and, once created, is retained as long as that record persists.  It  is
       shared amongst all processes of that UID.

       The  user keyring is created on demand when a thread requests it.  Nor-
       mally, this happens when pam_keyinit is invoked when a user logs in.

       The user keyring is not searched by default by request_key().  When the
       pam_keyinit  module  creates a session keyring, it adds to it a link to
       the user keyring so that the user keyring will  be  searched  when  the
       session keyring is.

       A  special  serial number value, KEY_SPEC_USER_KEYRING, is defined that
       can be used in lieu of the  calling  process's  user  keyring's  actual
       serial number.

       From  the  keyctl utility, '@u' can be used instead of a numeric key ID
       in much the same way.

       User keyrings are independent of clone(), fork(), vfork(), execve() and
       exit()  excepting  that the keyring is destroyed when the UID record is
       destroyed when the last process pinning it exits.

       If it necessary to for a key associated with a user to exist beyond the
       UID  record  being  garbage  collected  - for example for use by a cron
       script - then the persistent keyring should be used instead.

       If a user keyring does not exist when it is accessed, it will  be  cre-


Linux                             20 Feb 2014                  USER-KEYRING(7)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2019 Hurricane Electric. All Rights Reserved.