Linux shutdown permission
Suppose you install a desktop environment, say ubuntu or debian. You can shutdown the system by clicking a button somewhere on your system menu as a normal user. You don't need to switch to superuser to accomplish that.
However in the same desktop environment, if I open a terminal (say gnome-terminal) as a normal user, and type
shutdown -h now
I would be prompted by
shutdown: need to be root
The only way to shutdown is to prepend the command with a sudo.
Can anyone explain why this is so?
Thanks KC
The question asked by K.Chen is: why do I need sudo privileges when I do it from CLI, ahile I do not need such privileges when I do it from the GUI.
The first part of the answer is that people who design Desktop Environments, like Gnome, KDE, Xfce, Mate, Cinnamon, ... try to simplify the work of their users, and they configure shutting down and rebooting without requiring sudo credentials. This, incidentally, implies that there must be a shutdown sequence which does not involve the program shutdown, which does require sudo privileges (no way around that).
I do not know in detail how each DE does it, but I know that there is a gentle way to bring down, or restart/shutdown/hibernate your system, which does not require root privileges. You can find the original post in an Arch Linux Forum post. In essence, it amounts to issuing hese commands:
halt
#!/bin/bash
dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit"/org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop
reboot
#!/bin/bash
dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Restart
dbus-suspend
#!/bin/bash
dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Suspend
hibernate
#!/bin/bash
dbus-send --system --print-reply --dest="org.freedesktop.UPower" /org/freedesktop/UPower org.freedesktop.UPower.Hibernate
My guess is that the GUI buttons use roughly these commands. To be certain one should look into the code, but I believe this is a safe bet.
The reason behind this design decision is not technical (you could have a non privileged shutdown
command or a require a password in the GUI).
When using a desktop environment the user is supposed to have physical access to the machine. Then better to allow a clean shutdown than to let the user push the power button or unplug the power cord.
When using a shell the user could be a remote user and to avoid a remote shutdown more privileges are requested.
These are not rules but just defaults based on assumptions: you can have a local user in a shell and a remote user with a desktop environment. If you want to choose the default behavior you can configure your system accordingly.
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. shutdown -h command or init 0 command can be used to turn off the machine. But both commands required root privilege to execute.
The command which locates in /sbin must have root privilege to execute it. For finding the location of shutdown command,
type which shutdown in terminal.
Hope now your doubt is clear :)