.\"**************************************************************************** .\" Written by Chris Dunlap . .\" Copyright (C) 2007-2017 Lawrence Livermore National Security, LLC. .\" Copyright (C) 2002-2007 The Regents of the University of California. .\" UCRL-CODE-155910. .\" .\" This file is part of the MUNGE Uid 'N' Gid Emporium (MUNGE). .\" For details, see . .\" .\" MUNGE is free software: you can redistribute it and/or modify it under .\" the terms of the GNU General Public License as published by the Free .\" Software Foundation, either version 3 of the License, or (at your option) .\" any later version. Additionally for the MUNGE library (libmunge), you .\" can redistribute it and/or modify it under the terms of the GNU Lesser .\" General Public License as published by the Free Software Foundation, .\" either version 3 of the License, or (at your option) any later version. .\" .\" MUNGE is distributed in the hope that it will be useful, but WITHOUT .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License .\" and GNU Lesser General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" and GNU Lesser General Public License along with MUNGE. If not, see .\" . .\"**************************************************************************** .TH MUNGE 1 "2017-09-26" "munge-0.5.13" "MUNGE Uid 'N' Gid Emporium" .SH NAME munge \- MUNGE credential encoder .SH SYNOPSIS .B munge [\fIOPTION\fR]... .SH DESCRIPTION The \fBmunge\fR program creates an MUNGE credential containing the UID and GID of the calling process. Additional payload data can be encapsulated in as well. The returned credential can be passed to another process which can validate its contents (e.g., via the \fBunmunge\fR program). This allows an unrelated and potentially remote process to ascertain the identity of the calling process. .PP By default, payload input is read from stdin and the credential is written to stdout. .SH OPTIONS .TP .BI "\-h, \-\-help" Display a summary of the command-line options. .TP .BI "\-L, \-\-license" Display license information. .TP .BI "\-V, \-\-version" Display version information. .TP .BI "\-n, \-\-no\-input" Discard all input for the payload. .TP .BI "\-s, \-\-string " string Input payload from the specified string. .TP .BI "\-i, \-\-input " file Input payload from the specified file. .TP .BI "\-o, \-\-output " file Output the credential to the specified file. .TP .BI "\-c, \-\-cipher " string Specify the cipher type, either by name or number. .TP .BI "\-C, \-\-list\-ciphers" Display a list of supported cipher types. .TP .BI "\-m, \-\-mac " string Specify the MAC type, either by name or number. .TP .BI "\-M, \-\-list\-macs" Display a list of supported MAC types. .TP .BI "\-z, \-\-zip " string Specify the compression type, either by name or number. .TP .BI "\-Z, \-\-list\-zips" Display a list of supported compression types. .TP .BI "\-u, \-\-restrict\-uid " uid Specify the user name or UID allowed to decode the credential. This will be matched against the effective user ID of the process requesting the credential decode. .TP .BI "\-U, \-\-uid " uid Specify the user name or UID under which to request the credential. This requires root privileges or the CAP_SETUID capability. .TP .BI "\-g, \-\-restrict\-gid " gid Specify the group name or GID allowed to decode the credential. This will be matched against the effective group ID of the process requesting the credential decode, as well as each supplementary group of which the effective user ID of that process is a member. .TP .BI "\-G, \-\-gid " gid Specify the group name or GID under which to request the credential. This requires root privileges or the CAP_SETGID capability. .TP .BI "\-t, \-\-ttl " integer Specify the time-to-live (in seconds). This controls how long the credential is valid once it has been encoded. A value of 0 selects the default TTL. A value of \-1 selects the maximum allowed TTL. .TP .BI "\-S, \-\-socket " path Specify the local domain socket for connecting with \fBmunged\fR. .SH "EXIT STATUS" The \fBmunge\fR program returns a zero exit code when the credential is successfully created and returned. On error, it prints an error message to stderr and returns a non-zero exit code. .SH AUTHOR Chris Dunlap .SH COPYRIGHT Copyright (C) 2007-2017 Lawrence Livermore National Security, LLC. .br Copyright (C) 2002-2007 The Regents of the University of California. .PP MUNGE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. .PP Additionally for the MUNGE library (libmunge), you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. .SH "SEE ALSO" .BR remunge (1), .BR unmunge (1), .BR munge (3), .BR munge_ctx (3), .BR munge_enum (3), .BR munge (7), .BR munged (8). .PP \fBhttps://dun.github.io/munge/\fR