https://whynothugo.nl/tags/ulock/Recent content in Ulock on WhyNotHugo (雨果)Hugoenhugo@whynothugo.nl (Hugo Osvaldo Barrera)hugo@whynothugo.nl (Hugo Osvaldo Barrera)Sat, 06 Jun 2026 14:28:57 +0200https://whynothugo.nl/journal/2026/06/06/introducing-%C2%B5lock/Sat, 06 Jun 2026 14:05:59 +0200hugo@whynothugo.nl (Hugo Osvaldo Barrera)https://whynothugo.nl/journal/2026/06/06/introducing-%C2%B5lock/<p>Last weekend I sat down and set into code a project that has been living in my head rent-free for some time: µlock (a.k.a: <code>ulock</code>).</p> <p><code>ulock</code> is a minimal Wayland screen-locker, designed to work without relying on any <a href="https://en.wikipedia.org/wiki/Setuid">setuid</a> binary on Linux. This is done by relying on the <a href="https://wiki.alpinelinux.org/wiki/Tcb">tcb</a> password shadowing scheme. The gist of this scheme is: each user&rsquo;s <code>shadow</code> entry is stored in <code>/etc/tcb/$USER/shadow</code> instead of <code>/etc/shadow</code>, and each user has permissions to read their own encrypted password&rsquo;s hash (and to edit it, depending on the administrator&rsquo;s policy). I works in environments where setuid binaries are disabled entirely (but is not limited to those).</p>