munge - Man Page

MUNGE credential encoder

Synopsis

munge [OPTION]...

Description

The munge program creates an MUNGE credential containing the UID and GID of the calling process.  Additional payload data can be encapsulated in as well.  The returned credential can be passed to another process which can validate its contents (e.g., via the unmunge program). This allows an unrelated and potentially remote process to ascertain the identity of the calling process.

By default, payload input is read from stdin and the credential is written to stdout.

Options

-h,  --help

Display a summary of the command-line options.

-L,  --license

Display license information.

-V,  --version

Display version information.

-n,  --no-input

Discard all input for the payload.

-s,  --string string

Input payload from the specified string.

-i,  --input path

Input payload from the specified file.

-o,  --output path

Output the credential to the specified file.

-c,  --cipher string

Specify the cipher type, either by name or number.

-C,  --list-ciphers

Display a list of supported cipher types.

-m,  --mac string

Specify the MAC type, either by name or number.

-M,  --list-macs

Display a list of supported MAC types.

-z,  --zip string

Specify the compression type, either by name or number.

-Z,  --list-zips

Display a list of supported compression types.

-u,  --restrict-uid uid

Specify the user name or UID allowed to decode the credential.  This will be matched against the effective user ID of the process requesting the credential decode.

-U,  --uid uid

Specify the user name or UID under which to request the credential. This requires root privileges or the CAP_SETUID capability.

-g,  --restrict-gid gid

Specify the group name or GID allowed to decode the credential.  This will be matched against the effective group ID of the process requesting the credential decode, as well as each supplementary group of which the effective user ID of that process is a member.

-G,  --gid gid

Specify the group name or GID under which to request the credential. This requires root privileges or the CAP_SETGID capability.

-t,  --ttl seconds

Specify the time-to-live (in seconds).  This controls how long the credential is valid once it has been encoded.  A value of 0 selects the default TTL. A value of -1 selects the maximum allowed TTL.  Note that munged can impose a maximum allowable TTL for all credentials which may be smaller than this value.

-S,  --socket path

Specify the local socket for connecting with munged.

Exit Status

The munge program returns a zero exit code when the credential is successfully created and returned.  On error, it prints an error message to stderr and returns a non-zero exit code.

Author

Chris Dunlap <cdunlap@llnl.gov>

See Also

remunge(1), unmunge(1), munge(3), munge_ctx(3), munge_enum(3), munge(7), munged(8), mungekey(8).

https://github.com/dun/munge

Referenced By

munge(3), munge(7), munge_ctx(3), munged(8), munge_enum(3), mungekey(8), remunge(1), unmunge(1).

2024-03-15 munge-0.5.16 MUNGE Uid 'N' Gid Emporium