1
2MUNGE(1) MUNGE Uid 'N' Gid Emporium MUNGE(1)
3
4
5
7 munge - MUNGE credential encoder
8
9
11 munge [OPTION]...
12
13
15 The munge program creates an MUNGE credential containing the UID and
16 GID of the calling process. Additional payload data can be encapsu‐
17 lated in as well. The returned credential can be passed to another
18 process which can validate its contents (e.g., via the unmunge pro‐
19 gram). This allows an unrelated and potentially remote process to
20 ascertain the identity of the calling process.
21
22 By default, payload input is read from stdin and the credential is
23 written to stdout.
24
25
27 -h, --help
28 Display a summary of the command-line options.
29
30 -L, --license
31 Display license information.
32
33 -V, --version
34 Display version information.
35
36 -n, --no-input
37 Discard all input for the payload.
38
39 -s, --string string
40 Input payload from the specified string.
41
42 -i, --input file
43 Input payload from the specified file.
44
45 -o, --output file
46 Output the credential to the specified file.
47
48 -c, --cipher string
49 Specify the cipher type, either by name or number.
50
51 -C, --list-ciphers
52 Display a list of supported cipher types.
53
54 -m, --mac string
55 Specify the MAC type, either by name or number.
56
57 -M, --list-macs
58 Display a list of supported MAC types.
59
60 -z, --zip string
61 Specify the compression type, either by name or number.
62
63 -Z, --list-zips
64 Display a list of supported compression types.
65
66 -u, --restrict-uid uid
67 Specify the user name or UID allowed to decode the credential.
68 This will be matched against the effective user ID of the
69 process requesting the credential decode.
70
71 -U, --uid uid
72 Specify the user name or UID under which to request the creden‐
73 tial. This requires root privileges or the CAP_SETUID capabil‐
74 ity.
75
76 -g, --restrict-gid gid
77 Specify the group name or GID allowed to decode the credential.
78 This will be matched against the effective group ID of the
79 process requesting the credential decode, as well as each sup‐
80 plementary group of which the effective user ID of that process
81 is a member.
82
83 -G, --gid gid
84 Specify the group name or GID under which to request the creden‐
85 tial. This requires root privileges or the CAP_SETGID capabil‐
86 ity.
87
88 -t, --ttl integer
89 Specify the time-to-live (in seconds). This controls how long
90 the credential is valid once it has been encoded. A value of 0
91 selects the default TTL. A value of -1 selects the maximum
92 allowed TTL.
93
94 -S, --socket path
95 Specify the local domain socket for connecting with munged.
96
97
99 The munge program returns a zero exit code when the credential is suc‐
100 cessfully created and returned. On error, it prints an error message
101 to stderr and returns a non-zero exit code.
102
103
105 Chris Dunlap <cdunlap@llnl.gov>
106
107
109 Copyright (C) 2007-2017 Lawrence Livermore National Security, LLC.
110 Copyright (C) 2002-2007 The Regents of the University of California.
111
112 MUNGE is free software: you can redistribute it and/or modify it under
113 the terms of the GNU General Public License as published by the Free
114 Software Foundation, either version 3 of the License, or (at your
115 option) any later version.
116
117 Additionally for the MUNGE library (libmunge), you can redistribute it
118 and/or modify it under the terms of the GNU Lesser General Public
119 License as published by the Free Software Foundation, either version 3
120 of the License, or (at your option) any later version.
121
122
124 remunge(1), unmunge(1), munge(3), munge_ctx(3), munge_enum(3),
125 munge(7), munged(8).
126
127 https://dun.github.io/munge/
128
129
130
131munge-0.5.13 2017-09-26 MUNGE(1)