munge - MUNGE credential encoder
The munge program creates an MUNGE credential containing
the UID and GID of the calling process. Additional payload data can be
encapsulated in as well. The returned credential can be passed to another
process which can validate its contents (e.g., via the unmunge
program). This allows an unrelated and potentially remote process to
ascertain the identity of the calling process.
By default, payload input is read from stdin and the credential is
written to stdout.
- -h, --help
- Display a summary of the command-line options.
- -L, --license
- Display license information.
- -V, --version
- Display version information.
- -n, --no-input
- Discard all input for the payload.
- -s, --string
string
- Input payload from the specified string.
- -i, --input
path
- Input payload from the specified file.
- -o, --output
path
- Output the credential to the specified file.
- -c, --cipher
string
- Specify the cipher type, either by name or number.
- -C, --list-ciphers
- Display a list of supported cipher types.
- -m, --mac
string
- Specify the MAC type, either by name or number.
- -M, --list-macs
- Display a list of supported MAC types.
- -z, --zip
string
- Specify the compression type, either by name or number.
- -Z, --list-zips
- Display a list of supported compression types.
- -u, --restrict-uid
uid
- Specify the user name or UID allowed to decode the credential. This will
be matched against the effective user ID of the process requesting the
credential decode.
- -U, --uid
uid
- Specify the user name or UID under which to request the credential. This
requires root privileges or the CAP_SETUID capability.
- -g, --restrict-gid
gid
- Specify the group name or GID allowed to decode the credential. This will
be matched against the effective group ID of the process requesting the
credential decode, as well as each supplementary group of which the
effective user ID of that process is a member.
- -G, --gid
gid
- Specify the group name or GID under which to request the credential. This
requires root privileges or the CAP_SETGID capability.
- -t, --ttl
seconds
- Specify the time-to-live (in seconds). This controls how long the
credential is valid once it has been encoded. A value of 0 selects the
default TTL. A value of -1 selects the maximum allowed TTL. Note that
munged can impose a maximum allowable TTL for all credentials which
may be smaller than this value.
- -S, --socket
path
- Specify the local socket for connecting with munged.
The munge program returns a zero exit code when the
credential is successfully created and returned. On error, it prints an
error message to stderr and returns a non-zero exit code.
Chris Dunlap <cdunlap@llnl.gov>
Copyright (C) 2007-2022 Lawrence Livermore National Security, LLC.
Copyright (C) 2002-2007 The Regents of the University of California.
MUNGE is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.
Additionally for the MUNGE library (libmunge), you can
redistribute it and/or modify it under the terms of the GNU Lesser General
Public License as published by the Free Software Foundation, either version
3 of the License, or (at your option) any later version.