1
2MUNGE(1) MUNGE Uid 'N' Gid Emporium MUNGE(1)
3
4
5
7 munge - MUNGE credential encoder
8
9
11 munge [OPTION]...
12
13
15 The munge program creates an MUNGE credential containing the UID and
16 GID of the calling process. Additional payload data can be encapsu‐
17 lated in as well. The returned credential can be passed to another
18 process which can validate its contents (e.g., via the unmunge pro‐
19 gram). This allows an unrelated and potentially remote process to as‐
20 certain the identity of the calling process.
21
22 By default, payload input is read from stdin and the credential is
23 written to stdout.
24
25
27 -h, --help
28 Display a summary of the command-line options.
29
30 -L, --license
31 Display license information.
32
33 -V, --version
34 Display version information.
35
36 -n, --no-input
37 Discard all input for the payload.
38
39 -s, --string string
40 Input payload from the specified string.
41
42 -i, --input path
43 Input payload from the specified file.
44
45 -o, --output path
46 Output the credential to the specified file.
47
48 -c, --cipher string
49 Specify the cipher type, either by name or number.
50
51 -C, --list-ciphers
52 Display a list of supported cipher types.
53
54 -m, --mac string
55 Specify the MAC type, either by name or number.
56
57 -M, --list-macs
58 Display a list of supported MAC types.
59
60 -z, --zip string
61 Specify the compression type, either by name or number.
62
63 -Z, --list-zips
64 Display a list of supported compression types.
65
66 -u, --restrict-uid uid
67 Specify the user name or UID allowed to decode the credential.
68 This will be matched against the effective user ID of the
69 process requesting the credential decode.
70
71 -U, --uid uid
72 Specify the user name or UID under which to request the creden‐
73 tial. This requires root privileges or the CAP_SETUID capabil‐
74 ity.
75
76 -g, --restrict-gid gid
77 Specify the group name or GID allowed to decode the credential.
78 This will be matched against the effective group ID of the
79 process requesting the credential decode, as well as each sup‐
80 plementary group of which the effective user ID of that process
81 is a member.
82
83 -G, --gid gid
84 Specify the group name or GID under which to request the creden‐
85 tial. This requires root privileges or the CAP_SETGID capabil‐
86 ity.
87
88 -t, --ttl seconds
89 Specify the time-to-live (in seconds). This controls how long
90 the credential is valid once it has been encoded. A value of 0
91 selects the default TTL. A value of -1 selects the maximum al‐
92 lowed TTL. Note that munged can impose a maximum allowable TTL
93 for all credentials which may be smaller than this value.
94
95 -S, --socket path
96 Specify the local socket for connecting with munged.
97
98
100 The munge program returns a zero exit code when the credential is suc‐
101 cessfully created and returned. On error, it prints an error message
102 to stderr and returns a non-zero exit code.
103
104
106 Chris Dunlap <cdunlap@llnl.gov>
107
108
110 Copyright (C) 2007-2022 Lawrence Livermore National Security, LLC.
111 Copyright (C) 2002-2007 The Regents of the University of California.
112
113 MUNGE is free software: you can redistribute it and/or modify it under
114 the terms of the GNU General Public License as published by the Free
115 Software Foundation, either version 3 of the License, or (at your op‐
116 tion) any later version.
117
118 Additionally for the MUNGE library (libmunge), you can redistribute it
119 and/or modify it under the terms of the GNU Lesser General Public Li‐
120 cense as published by the Free Software Foundation, either version 3 of
121 the License, or (at your option) any later version.
122
123
125 remunge(1), unmunge(1), munge(3), munge_ctx(3), munge_enum(3),
126 munge(7), munged(8), mungekey(8).
127
128 https://dun.github.io/munge/
129
130
131
132munge-0.5.15 2022-06-22 MUNGE(1)