{
    "content": [
        {
            "type": "text",
            "text": "# USER-SESSION-KEYRING(7) (man)\n\n**Summary:** user-session-keyring - per-user default session keyring\n\n## See Also\n\n- keyctl(1)\n- keyctl(3)\n- keyrings(7)\n- persistent-keyring(7)\n- process-keyring(7)\n- session-keyring(7)\n- thread-keyring(7)\n- user-keyring(7)\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **DESCRIPTION** (35 lines)\n- **NOTES** (5 lines)\n- **SEE ALSO** (3 lines)\n- **COLOPHON** (7 lines)\n\n## Full Content\n\n### NAME\n\nuser-session-keyring - per-user default session keyring\n\n### DESCRIPTION\n\nThe  user session keyring is a keyring used to anchor keys on behalf of a user.  Each UID the\nkernel deals with has its own user session keyring that is shared by all processes with  that\nUID.   The  user  session  keyring  has a name (description) of the form uidses.<UID> where\n<UID> is the user ID of the corresponding user.\n\nThe user session keyring is associated with the record that the kernel maintains for the UID.\nIt comes into existence upon the first attempt to access either the user session keyring, the\nuser-keyring(7), or the session-keyring(7).  The keyring remains pinned in existence so  long\nas  there  are processes running with that real UID or files opened by those processes remain\nopen.  (The keyring can also be pinned indefinitely by linking it into another keyring.)\n\nThe user session keyring is created on demand when a thread requests it or when a thread asks\nfor  its  session-keyring(7) and that keyring doesn't exist.  In the latter case, a user ses‐\nsion keyring will be created and, if the session keyring wasn't to be created, the user  ses‐\nsion keyring will be set as the process's actual session keyring.\n\nThe user session keyring is searched by requestkey(2) if the actual session keyring does not\nexist and is ignored otherwise.\n\nA special serial number value, KEYSPECUSERSESSIONKEYRING, is defined that can be used  in\nlieu of the actual serial number of the calling process's user session keyring.\n\nFrom  the  keyctl(1)  utility, '@us' can be used instead of a numeric key ID in much the same\nway.\n\nUser session keyrings are independent of clone(2), fork(2), vfork(2), execve(2), and exit(2)\nexcepting  that  the  keyring  is  destroyed  when  the UID record is destroyed when the last\nprocess pinning it exits.\n\nIf a user session keyring does not exist when it is accessed, it will be created.\n\nRather than relying on the user session keyring, it is strongly recommended—especially if the\nprocess  is  running  as  root—that  a  session-keyring(7)  be set explicitly, for example by\npamkeyinit(8).\n\n### NOTES\n\nThe user session keyring was added to support situations where a process doesn't have a  ses‐\nsion  keyring,  perhaps  because  it was created via a pathway that didn't involve PAM (e.g.,\nperhaps it was a daemon started by inetd(8)).  In such a scenario, the user  session  keyring\nacts as a substitute for the session-keyring(7).\n\n### SEE ALSO\n\nkeyctl(1), keyctl(3), keyrings(7), persistent-keyring(7), process-keyring(7),\nsession-keyring(7), thread-keyring(7), user-keyring(7)\n\n### COLOPHON\n\nThis page is part of release 5.10 of the Linux man-pages project.  A description of the\nproject, information about reporting bugs, and the latest version of this page, can be found\nat https://www.kernel.org/doc/man-pages/.\n\n\n\nLinux                                        2020-08-13                      USER-SESSION-KEYRING(7)\n\n"
        }
    ],
    "structuredContent": {
        "command": "USER-SESSION-KEYRING",
        "section": "7",
        "mode": "man",
        "summary": "user-session-keyring - per-user default session keyring",
        "synopsis": null,
        "flags": [],
        "examples": [],
        "see_also": [
            {
                "name": "keyctl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/keyctl/1/json"
            },
            {
                "name": "keyctl",
                "section": "3",
                "url": "https://www.chedong.com/phpMan.php/man/keyctl/3/json"
            },
            {
                "name": "keyrings",
                "section": "7",
                "url": "https://www.chedong.com/phpMan.php/man/keyrings/7/json"
            },
            {
                "name": "persistent-keyring",
                "section": "7",
                "url": "https://www.chedong.com/phpMan.php/man/persistent-keyring/7/json"
            },
            {
                "name": "process-keyring",
                "section": "7",
                "url": "https://www.chedong.com/phpMan.php/man/process-keyring/7/json"
            },
            {
                "name": "session-keyring",
                "section": "7",
                "url": "https://www.chedong.com/phpMan.php/man/session-keyring/7/json"
            },
            {
                "name": "thread-keyring",
                "section": "7",
                "url": "https://www.chedong.com/phpMan.php/man/thread-keyring/7/json"
            },
            {
                "name": "user-keyring",
                "section": "7",
                "url": "https://www.chedong.com/phpMan.php/man/user-keyring/7/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 35,
                "subsections": []
            },
            {
                "name": "NOTES",
                "lines": 5,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "COLOPHON",
                "lines": 7,
                "subsections": []
            }
        ]
    }
}