# user-session-keyring(7) - man - phpMan

[USER-SESSION-KEYRING(7)](https://www.chedong.com/phpMan.php/man/USER-SESSION-KEYRING/7/markdown)               Linux Programmer's Manual              [USER-SESSION-KEYRING(7)](https://www.chedong.com/phpMan.php/man/USER-SESSION-KEYRING/7/markdown)



## NAME
       user-session-keyring - per-user default session keyring

## DESCRIPTION
       The  user session keyring is a keyring used to anchor keys on behalf of a user.  Each UID the
       kernel deals with has its own user session keyring that is shared by all processes with  that
       UID.   The  user  session  keyring  has a name (description) of the form __uid_ses.<UID>_ where
       _<UID>_ is the user ID of the corresponding user.

       The user session keyring is associated with the record that the kernel maintains for the UID.
       It comes into existence upon the first attempt to access either the user session keyring, the
       [**user-keyring**(7)](https://www.chedong.com/phpMan.php/man/user-keyring/7/markdown), or the [**session-keyring**(7)](https://www.chedong.com/phpMan.php/man/session-keyring/7/markdown).  The keyring remains pinned in existence so  long
       as  there  are processes running with that real UID or files opened by those processes remain
       open.  (The keyring can also be pinned indefinitely by linking it into another keyring.)

       The user session keyring is created on demand when a thread requests it or when a thread asks
       for  its  [**session-keyring**(7)](https://www.chedong.com/phpMan.php/man/session-keyring/7/markdown) and that keyring doesn't exist.  In the latter case, a user ses‐
       sion keyring will be created and, if the session keyring wasn't to be created, the user  ses‐
       sion keyring will be set as the process's actual session keyring.

       The user session keyring is searched by **request**___**[key**(2)](https://www.chedong.com/phpMan.php/man/key/2/markdown) if the actual session keyring does not
       exist and is ignored otherwise.

       A special serial number value, **KEY**___**SPEC**___**USER**___**SESSION**___**KEYRING**, is defined that can be used  in
       lieu of the actual serial number of the calling process's user session keyring.

       From  the  [**keyctl**(1)](https://www.chedong.com/phpMan.php/man/keyctl/1/markdown)  utility, '**@us**' can be used instead of a numeric key ID in much the same
       way.

       User session keyrings are independent of [**clone**(2)](https://www.chedong.com/phpMan.php/man/clone/2/markdown), [**fork**(2)](https://www.chedong.com/phpMan.php/man/fork/2/markdown), [**vfork**(2)](https://www.chedong.com/phpMan.php/man/vfork/2/markdown), [**execve**(2)](https://www.chedong.com/phpMan.php/man/execve/2/markdown), and ___**[exit**(2)](https://www.chedong.com/phpMan.php/man/exit/2/markdown)
       excepting  that  the  keyring  is  destroyed  when  the UID record is destroyed when the last
       process pinning it exits.

       If a user session keyring does not exist when it is accessed, it will be created.

       Rather than relying on the user session keyring, it is strongly recommended—especially if the
       process  is  running  as  root—that  a  [**session-keyring**(7)](https://www.chedong.com/phpMan.php/man/session-keyring/7/markdown)  be set explicitly, for example by
       **pam**___**[keyinit**(8)](https://www.chedong.com/phpMan.php/man/keyinit/8/markdown).

## NOTES
       The user session keyring was added to support situations where a process doesn't have a  ses‐
       sion  keyring,  perhaps  because  it was created via a pathway that didn't involve PAM (e.g.,
       perhaps it was a daemon started by [**inetd**(8)](https://www.chedong.com/phpMan.php/man/inetd/8/markdown)).  In such a scenario, the user  session  keyring
       acts as a substitute for the [**session-keyring**(7)](https://www.chedong.com/phpMan.php/man/session-keyring/7/markdown).

## SEE ALSO
       [**keyctl**(1)](https://www.chedong.com/phpMan.php/man/keyctl/1/markdown), [**keyctl**(3)](https://www.chedong.com/phpMan.php/man/keyctl/3/markdown), [**keyrings**(7)](https://www.chedong.com/phpMan.php/man/keyrings/7/markdown), [**persistent-keyring**(7)](https://www.chedong.com/phpMan.php/man/persistent-keyring/7/markdown), [**process-keyring**(7)](https://www.chedong.com/phpMan.php/man/process-keyring/7/markdown),
       [**session-keyring**(7)](https://www.chedong.com/phpMan.php/man/session-keyring/7/markdown), [**thread-keyring**(7)](https://www.chedong.com/phpMan.php/man/thread-keyring/7/markdown), [**user-keyring**(7)](https://www.chedong.com/phpMan.php/man/user-keyring/7/markdown)

## COLOPHON
       This page is part of release 5.10 of the Linux _man-pages_ project.  A description of the
       project, information about reporting bugs, and the latest version of this page, can be found
       at <https://www.kernel.org/doc/man-pages/>.



Linux                                        2020-08-13                      [USER-SESSION-KEYRING(7)](https://www.chedong.com/phpMan.php/man/USER-SESSION-KEYRING/7/markdown)