Why do we need to be root in terminal for shutdown and restart?
The shutdown on the cog-wheel checks whether you are allowed to shut down the machine. This is done via PolicyKit. In the case of shutdown, this statement in the file /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy is checked:
<action id="org.freedesktop.consolekit.system.stop">
  <description>Stop the system</description>
  <message>System policy prevents stopping the system</message>
  <defaults>
    <allow_inactive>no</allow_inactive>
    <allow_active>yes</allow_active>
  </defaults>
</action>
PolicyKit then triggers a dbus-send command. In the case of shutdown it would be:
dbus-send --system --print-reply --dest=org.freedesktop.Hal /org/freedesktop/Hal/devices/computer org.freedesktop.Hal.Device.SystemPowerManagement.Shutdown
There is a daemon running in the background with root privileges that invokes the shutdown command for you.
When you want to be able to shut down the machine "the old way" via the command line (shutdown, reboot, halt, ...), then you need to add the suid bit to those commands. But be aware: everyone on your system who has access to the shell could then shut down your machine.
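The policy file quoted above is the thing an administrator actually has to read to answer "who may stop this machine?". As an added example (not code from the answer above, and not part of PolicyKit itself), the script below parses a .policy file with the standard library and reports, for a given action id, which implicit authorization applies to an active console session, an inactive one, and any other caller (the allow_active, allow_inactive and allow_any defaults). The embedded policy is a constructed sample modelled on the snippet above; the second action id in it is an assumption for illustration, as is the "remembered briefly" wording for the *_keep values.

```python
"""Audit the <defaults> of PolicyKit .policy actions.

Added example, not from the original answer or from PolicyKit.
A missing <allow_*> element is treated as "no", which is the
documented PolicyKit default.
"""
import xml.etree.ElementTree as ET
from typing import Dict

# Constructed sample policy; the second action is assumed for illustration.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="org.freedesktop.consolekit.system.stop">
    <description>Stop the system</description>
    <message>System policy prevents stopping the system</message>
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.stop-multiple-users">
    <description>Stop the system when other users are logged in</description>
    <message>System policy prevents stopping the system</message>
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

SESSION_KINDS = ("any", "inactive", "active")
VALID_VALUES = {"no", "yes", "auth_self", "auth_admin",
                "auth_self_keep", "auth_admin_keep"}


def parse_policy(xml_text: str) -> Dict[str, Dict[str, str]]:
    """Map each action id to its allow_any/allow_inactive/allow_active value."""
    root = ET.fromstring(xml_text)
    actions: Dict[str, Dict[str, str]] = {}
    for action in root.iter("action"):
        action_id = action.get("id")
        if not action_id:
            raise ValueError("<action> element without an id attribute")
        # PolicyKit defaults every missing <allow_*> to "no".
        defaults = {f"allow_{kind}": "no" for kind in SESSION_KINDS}
        node = action.find("defaults")
        if node is not None:
            for kind in SESSION_KINDS:
                child = node.find(f"allow_{kind}")
                if child is not None:
                    value = (child.text or "").strip()
                    if value not in VALID_VALUES:
                        raise ValueError(
                            f"{action_id}: invalid <allow_{kind}> value {value!r}")
                    defaults[f"allow_{kind}"] = value
        actions[action_id] = defaults
    return actions


def implicit_authorization(policy: Dict[str, Dict[str, str]],
                           action_id: str, session: str) -> str:
    """Return the implicit authorization for one action and session kind."""
    if session not in SESSION_KINDS:
        raise ValueError(f"session must be one of {SESSION_KINDS}")
    if action_id not in policy:
        raise KeyError(f"unknown action {action_id}")
    return policy[action_id][f"allow_{session}"]


def describe(value: str) -> str:
    """Human-readable meaning of an allow_* value."""
    return {
        "no": "denied",
        "yes": "allowed without authentication",
        "auth_self": "allowed after the user authenticates",
        "auth_self_keep": "allowed after the user authenticates (remembered briefly)",
        "auth_admin": "allowed after an administrator authenticates",
        "auth_admin_keep": "allowed after an administrator authenticates (remembered briefly)",
    }[value]


def audit(policy: Dict[str, Dict[str, str]], action_id: str) -> Dict[str, str]:
    """Verdict per session kind for one action id."""
    return {s: describe(implicit_authorization(policy, action_id, s))
            for s in SESSION_KINDS}


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for action_id in policy:
        print(action_id)
        for session, verdict in audit(policy, action_id).items():
            print(f"  {session:>8} session: {verdict}")
```

To run it against a real file, pass the contents of /usr/share/polkit-1/actions/org.freedesktop.consolekit.policy (or any other .policy file) to parse_policy instead of the sample. Note that the reported value is only the implicit default; a local authority configuration can still override it, so the script shows what the shipped policy grants, not necessarily the final decision.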
Ubuntu is a distribution of the GNU/Linux operating system, which in turn belongs to the Unix system family, a common architecture for a number of modern operating systems.
Traditionally, Unix used to run on mainframe computers: central computing facilities which serve dozens or hundreds of users via remote terminals. Since all users relied on the availability of the mainframe, no single user was allowed to issue a shutdown command. This idea is fundamental to the Unix architecture: the system kernel will never initiate a shutdown unless the corresponding function is called by a superuser process.
In contemporary desktop systems, developers have gone to certain pains to make shutdown available to the mere desktop user. A common technique is to let the login manager, which usually runs in the security context of the root user, handle shutdown and reboot. In this case the graphical shell issues a request to the login manager to shut down the computer. This involves inter-process communication (IPC), usually via the dbus service.
The above-mentioned PolicyKit extends this process by providing a standardised framework through which the login manager (or whatever program provides the shutdown service) can check which users are allowed to cause a shutdown, and through which an administrator can configure those permissions.
Some desktop environments don't use IPC-based services but rather a set of helper programs to provide the same or similar functions. Those helper programs are called through mechanisms that allow changing into the superuser context, such as sudo, suid, or a PolicyKit mechanism similar to sudo.
In any case, the dumb traditional shutdown program on the shell doesn't work this way; it requires you to see to it that it is run in a superuser context.
Because Linux is commonly used as a server or similar, and SSHing into a Linux box, even a normal Ubuntu laptop, is quite common.
Thing is, you may not want people with SSH access to be able to shut it down, especially when there may be other remotely logged-in users using it. Someone with access to the GUI, well, he can shut it down on his own anyway with the physical power button.
Also, a remotely logged in user won't be able to turn it back on.