Linux shutdown permission

linux permissions

Suppose you install a desktop environment, say ubuntu or debian. You can shutdown the system by clicking a button somewhere on your system menu as a normal user. You don't need to switch to superuser to accomplish that.

However in the same desktop environment, if I open a terminal (say gnome-terminal) as a normal user, and type

shutdown -h now

I would be prompted by 

shutdown: need to be root

The only way to shutdown is to prepend the command with a sudo.

Can anyone explain why this is so?

Thanks KC


The question asked by K.Chen is: why do I need sudo privileges when I do it from CLI, ahile I do not need such privileges when I do it from the GUI.

The first part of the answer is that people who design Desktop Environments, like Gnome, KDE, Xfce, Mate, Cinnamon, ... try to simplify the work of their users, and they configure shutting down and rebooting without requiring sudo credentials. This, incidentally, implies that there must be a shutdown sequence which does not involve the program shutdown, which does require sudo privileges (no way around that).

I do not know in detail how each DE does it, but I know that there is a gentle way to bring down, or restart/shutdown/hibernate your system, which does not require root privileges. You can find the original post in an Arch Linux Forum post. In essence, it amounts to issuing hese commands:

halt

 #!/bin/bash
 dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit"/org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop

reboot

 #!/bin/bash
 dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit"  /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Restart

dbus-suspend

 #!/bin/bash
 dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Suspend

hibernate

 #!/bin/bash
 dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Hibernate

My guess is that the GUI buttons use roughly these commands. To be certain one should look into the code, but I believe this is a safe bet.


The reason behind this design decision is not technical (you could have a non privileged shutdown command or a require a password in the GUI).

  • When using a desktop environment the user is supposed to have physical access to the machine. Then better to allow a clean shutdown than to let the user push the power button or unplug the power cord.

  • When using a shell the user could be a remote user and to avoid a remote shutdown more privileges are requested.

These are not rules but just defaults based on assumptions: you can have a local user in a shell and a remote user with a desktop environment. If you want to choose the default behavior you can configure your system accordingly.


Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. shutdown -h command or init 0 command can be used to turn off the machine. But both commands required root privilege to execute.

The command which locates in /sbin must have root privilege to execute it. For finding the location of shutdown command,

type which shutdown in terminal.

Hope now your doubt is clear :)

Related

tar: cannot open: no such file or directory
Disabling laptop monitor when external HDMI monitor is plugged in
Is it possible to have 2 different VPN connections simultaneously on the same machine? maybe on different network interfaces?
Change registry permissions via command line (batch file)
Set default/starting folder for Explorer in taskbar without duplicate icon on launch in Windows 8.1
Custom user function without using VBA
Search through PDF with word distance?
Laptop Brightness dims when charger is unplugged(no solution)?
Where is the software RAID information actually written?
How to remove Chrome policies?
What are the three buttons above touchpad in the Dell Latitude E6520 laptop?
Why are write blockers needed when there is mount with read-only?