Why do we need to be root in terminal for shutdown and restart?
The shutdown on the cog-wheel checks if you are allowed to shutdown the machine. This is done via PolicyKit. In case of shutdown this statement in the file /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy
is checked:
<action id="org.freedesktop.consolekit.system.stop">
<description>Stop the system</description>
<message>System policy prevents stopping the system</message>
<defaults>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
The PolicyKit triggers a dbus-send
command. In case of shutdown it would be:
dbus-send --system --print-reply --dest=org.freedesktop.Hal /org/freedesktop/Hal/devices/computer org.freedesktop.Hal.Device.SystemPowerManagement.Shutdown
There is a daemon running in the background with root-Privileges that invokes the shutdown command for you.
When you want to be able to shutdown the machine "the old way" via command line (shutdown, reboot, halt, ...
), then you need to add the suid-Bit to those commands. But be aware, everyone on your system, that has access to the shell could then shutdown your machine.
Ubuntu is a distribution of the GNU/Linux Operationg System which in turn belongs to the Unix system family - a common architecture for a number of modern Operating Systems.
Traditionally Unix used to run on mainframe computers. Central computing facilities which serve dozends or hundreds of users via remote terminals. Since all users relied on the availability of the mainframe, no single user was allowed to issue a shutdown command. An idea that is fundamental to the Unix architecture - the system kernel will never initialise a shutdown unless the according function is called by a superuser process.
In contemporary desktop systems developers have gone through certain pains to make the shutdown available to the mere desktop user. A common technique is, to let the login manager, which usually runs in the security context of the root user, handle shutdown and reboot. In this case the graphical shell issues a request to the login manager to shutdown the computer. This involves using inter process communication (IPC), usually via the dbus service.
The above mentioned policykit extends this process by providing a standardised framework through which the login manager (or whatever program provides the shutdown service) can check what users are allowed to cause a shutdown, and through wich an administrator can configure those permissions respectively.
Some desktop environments don't use IPC-based services but rather a set of helper programs to provide the same or similar functions. Those helper programs would be called through mechanisms, allowing to change into the superuser context, like sudo, suid, or a policykit mechanism similar to sudo.
In any case, the dumb traditional shutdown program on the shell doesn't work this way, It requires you to see that it is run in a superuser context.
Because Linux is commonly used as a server or similar, and SSHing into a linux box, even a normal Ubuntu laptop, is quite common.
Thing is, you may not want people with SSH access to be able to shut it down, especially when there may be other remotely logged in users using it. Someone with access to the GUI — well, he can shut it down on his own anyway with the physical power button.
Also, a remotely logged in user won't be able to turn it back on.
When I reboot via the GUI I can do that without my
sudo
password.
Only if you're the only one logged in. If there are any other users (including console users) you may have to enter a root password. This is the same on OS X and newer Windows versions.
Why is that? What's happening internally of the ubuntu system there?
The following command:
/usr/bin/dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop
D-Bus is an IPC mechanism - a medium for local communication between processes running on the same host.
D-Bus is "smarter" than low-level message-passing protocols such as UDP. On the other hand, it does carry messages as discrete items—not continuous streams of data.
D-Bus has a structured view of the data it carries, and deals with data in binary form; integral numbers of various widths, strings, and so on. Because data is not just "raw bytes" to D-Bus, messages can be validated.
-- Free Desktop
Why doesn't the shutdown
command just check if anyone is logged in? That seems an unmercenary feature to be honest. I can imagine it would save time sometimes, but a consistent console is often preferred. I don't want commands to sometimes require a password after running it, and sometimes not.
My pronouns are He / Him
The reason you don't need to be root to initiate a shutdown from the GUI is largely a matter of convenience for the typical desktop user. The system knows that you're the user logged in on the console, so if you shut down the computer by mistake, you can presumably turn it back on.
For a user in the shell, you might very well be logged in remotely, so the system requires that you be logged in as root in order to issue a shutdown command. This prevents a regular user logged into a server from shutting it down while other people are using it, and while there's not necessarily anybody physically there to start the computer back up.
The reason that shutdown doesn't provide a GUI prompt for the super-user password is probably simply that there's no real utility to be gained there - if you are on the console, where the prompt would appear, you could just use the cog-wheeel menu instead. If you wanted to have a command-line prompt for the super-user password for shutdown, that's already available with "sudo shutdown".