Skip to content
Atay Özcan edited this page May 1, 2026 · 7 revisions

Sentinel

A Windows UAC-style confirmation dialog for Linux privilege escalation. PAM module + libcosmic helper, designed for COSMIC and sudo-rs, Wayland-only.

Caution

Sentinel sits in the PAM authentication path. Misconfiguration can lock you out of sudo, polkit, or login. Read Troubleshooting before installing. Always keep a root shell open in a second terminal during the first install. The software is provided as-is under GPL-3.0; the author takes no responsibility for damaged systems.

Pages

  • Installation — AUR, Debian, RPM, Nix, generic tarball, source build
  • Configuration — TOML reference for /etc/security/sentinel.conf
  • PAM Wiring — wiring pam_sentinel.so into sudo, polkit, su
  • Building from Source — toolchain, build vars, cargo features
  • Architecture — what the helper does, how the PAM module talks to it, the security model
  • Troubleshooting — recovery, common failure modes, debug logging
  • Contributing — dev workflow, code style, release process

What it does

When something requests privilege escalation (sudo, pkexec, …) and the PAM stack hits pam_sentinel.so, the module spawns the sentinel-helper binary. The helper paints a zwlr-layer-shell-v1 overlay surface — full-screen translucent backdrop, exclusive keyboard focus, dialog card centered — and waits for Allow, Deny, or a configurable timeout (auto-deny). Allow → PAM is told sufficient, auth proceeds without password. Deny / timeout / no Wayland display → PAM continues to the next module (typically pam_unix, the password prompt).

Status

Component State
pam_sentinel.so Stable
sentinel-helper Stable
Layer-shell overlay UI Stable
Transactional install Stable
AUR + .deb + .rpm + Nix Built per release
--windowed fallback Debug only

Clone this wiki locally