Why does reboot and poweroff require root privileges?
Warning: by the end of this answer you'll probably know more about linux than you wanted to
Why reboot and poweroff require root privileges
GNU/Linux operating systems are multi-user, as were their UNIX predecessors. The system is a shared resource, and multiple users can use it simultaneously.
In the past this usually happened on computer terminals connected to a minicomputer or a mainframe.
The popular PDP-11 minicomputer. A bit large, by today's standards :)
In modern days, this can happen either remotely over the network (usually via SSH), on thin clients or on a multiseat configuration, where there are several local users with hardware attached to the same computer.
A multi-seat configuration. Photo by Tiago Vignatti
In practice, there can be hundreds or thousands of users using the same computer simultaneously. It wouldn't make much sense if any user could power off the computer, and prevent everyone else from using it.
What security risk is posed by not requiring this to have root privileges?
On a multi-user system, this prevents what is effectively a denial-of-service attack.
The GUI provides a way for any user to shut off or restart, so why do the terminal commands need to be run as root?
Many Linux distributions do not provide a GUI. The desktop Linux distributions that do are usually oriented to a single user pattern, so it makes sense to allow this from the GUI.
Possible reasons why the commands still require root privileges:
- Most users of a desktop-oriented distro will use the GUI, not the command line, so it's not worth the trouble
- Consistency with accepted UNIX conventions
- (Arguably misguided) security, as it prevents naive programs or scripts from powering off the system
How is the GUI able to present shutdown without root privileges?
The actual mechanism will vary depending on the specific desktop manager (GUI). Generally speaking, there are several mechanisms available for this type of task:
- Running the GUI itself as root (hopefully that shouldn't happen on any proper implementation...)
- setuid
- sudo with NOPASSWD
- Communicating the command to another process that has those privileges, usually done with D-Bus. On popular GUIs, this is usually managed by polkit.
In summary
Linux is used in very diverse environments - from mainframes, servers and desktops to supercomputers, mobile phones, and microwave ovens. It's hard to keep everyone happy all the time! :)
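The answer above lists sudo with NOPASSWD and a polkit rule as the two usual ways to let a non-root user trigger a shutdown. The script below is an added example, not code from the original post or from any distribution: it installs a sudoers drop-in that permits members of an assumed `power` group to run exactly `/sbin/poweroff` and `/sbin/reboot` with no arguments, plus a polkit rule (polkit rules are JavaScript) granting the matching `org.freedesktop.login1` actions to the same group for local, active sessions. The group name, file names, and the `/sbin` paths are assumptions; the directory variables exist so the fragments can be written somewhere other than `/etc` for inspection.

```shell
#!/bin/sh
# Added example (not from the original page): grant poweroff/reboot to one
# group without handing out a root shell. Group "power", the file names and
# the /sbin paths are assumptions; adjust them for your distribution.
set -eu

# Default to the real locations; override both for a dry run in a temp dir.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
POLKIT_DIR="${POLKIT_DIR:-/etc/polkit-1/rules.d}"

# sudoers fragment. A command followed by "" matches only when it is run with
# no arguments, so a user cannot pass extra options through the NOPASSWD rule.
sudoers_fragment() {
    cat <<'EOF'
# Members of %power may halt or reboot the machine, and nothing else.
Cmnd_Alias POWER = /sbin/poweroff "", /sbin/reboot ""
%power ALL = (root) NOPASSWD: POWER
EOF
}

# polkit rule covering the D-Bus path a desktop GUI uses (systemd-logind).
# subject.local and subject.active restrict it to someone at a seat, not an
# SSH session, which mirrors the "physically logged in" reasoning above.
polkit_rule() {
    cat <<'EOF'
polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.login1.power-off" ||
         action.id == "org.freedesktop.login1.reboot") &&
        subject.isInGroup("power") && subject.local && subject.active) {
        return polkit.Result.YES;
    }
});
EOF
}

# Write both fragments. sudo ignores drop-ins that are group/world writable,
# so the mode is set explicitly.
install_fragments() {
    mkdir -p "$SUDOERS_DIR" "$POLKIT_DIR"
    sudoers_fragment > "$SUDOERS_DIR/10-power"
    chmod 0440 "$SUDOERS_DIR/10-power"
    polkit_rule > "$POLKIT_DIR/10-power.rules"
}

# Syntax-check the sudoers fragment before sudo ever reads it; a malformed
# file under /etc/sudoers.d can lock every administrator out.
check_sudoers_syntax() {
    visudo -cf "$SUDOERS_DIR/10-power"
}

# Ask sudo whether the caller may run poweroff non-interactively; exit status
# 0 means the policy allows it, so a script can test before trying.
can_poweroff() {
    sudo -n -l /sbin/poweroff >/dev/null 2>&1
}

# Stand-alone use: install, validate, then report. Requires root for /etc.
if [ "${1:-}" = "install" ]; then
    install_fragments
    check_sudoers_syntax
    can_poweroff && echo "poweroff permitted via sudo" || echo "poweroff not permitted"
fi
```

Run `SUDOERS_DIR=/tmp/s POLKIT_DIR=/tmp/p sh power.sh install` (file name assumed) to see the generated fragments before touching `/etc`. Note that on systemd distributions `/sbin/poweroff` is usually a symlink to `systemctl`; sudo matches the path you invoke, so list the path users will actually type.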
Linux has its origins in Unix and Unix was initially developed as a multi-user operating system. You could have one user disrupt other users by wanting to reboot the system. Only the administrator with root privileges could do that.
It's quite natural, a policy matter and a convenience; it has been allowed from the GUI because you are physically logged in to the machine. (Some Linux distributions will still ask you for a password if the GUI is not running as root. I am using CentOS 6 and there is even no GUI shutdown/reboot option for my user; there are only log out and lock options.)
From a pseudo-terminal you need to be root or have sudo privileges, because you might not want any user to SSH into your server or machine and shut it down or reboot it.