Why do I need to be root to shut down/reboot my computer from the terminal? Doing so via the GUI menu doesn't require root privileges.

Usually the OS launches a service at startup that runs as root and offers desktop environments some possibilities regarding the computer. Usually it's either ConsoleKit or systemd-logind.

For example, in KDE you can shut down your computer from the command line as a normal user with something like:

qdbus org.kde.ksmserver /KSMServer logout 0 0 0

This is possible because the KDE session manager will contact a DBus service that runs as root and when called will run the shutdown command with root privileges.

On systems running ConsoleKit, you can use:

gdbus call -y -d org.freedesktop.ConsoleKit \
              -o /org/freedesktop/ConsoleKit/Manager \
              -m org.freedesktop.ConsoleKit.Manager.Stop

On systems using systemd-logind, the shutdown utility already uses DBus and doesn't require privileges.

To summarize, you can shut down your computer as a normal user because the Desktop Environment runs a service that offers the possibility to run the shutdown[1] command as root.

[1] Actually the service does other things to ensure that the Desktop Environment shuts down correctly.
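
An added example, not part of the original answer: a read-only check of what systemd-logind would allow the calling session to do, using the CanPowerOff and CanReboot methods of org.freedesktop.login1.Manager. The function names are this example's own, and the parser assumes gdbus prints the reply in the form `('yes',)`.

```shell
#!/bin/sh
# Ask systemd-logind whether *this* session may power off or reboot.
# The Can* methods only query policy; they never trigger the action.

# Extract the reply string from gdbus output of the assumed form: ('yes',)
parse_reply() {
    printf '%s\n' "$1" | sed -n "s/^('\([a-z]*\)',)\$/\1/p"
}

# Map logind's reply values (yes, challenge, no, na) to an explanation.
explain() {
    case "$1" in
        yes)       echo "allowed without authentication" ;;
        challenge) echo "allowed after polkit authentication" ;;
        no)        echo "denied by policy" ;;
        na)        echo "not supported on this system" ;;
        *)         echo "unknown reply" ;;
    esac
}

# Call one Manager method on the system bus; errors are silenced so a
# missing bus or missing logind simply yields an empty reply.
query() {
    gdbus call -y -d org.freedesktop.login1 \
        -o /org/freedesktop/login1 \
        -m "org.freedesktop.login1.Manager.$1" 2>/dev/null || true
}

report() {
    for m in CanPowerOff CanReboot; do
        reply=$(parse_reply "$(query "$m")")
        echo "$m: ${reply:-no reply} ($(explain "$reply"))"
    done
}

# Only talk to the bus when asked to, so the functions can be sourced.
if [ "${1:-}" = "--check" ]; then
    report
fi
```

Run it with `--check` once from a local desktop session and once over ssh as the same user to compare what logind grants each kind of session.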

Imagine your computer is a shared webhosting server, where every user is granted SSH access. There are about 500 users per one server in such a setup.

Should anyone really be allowed to reboot the entire server, disrupt HTTP downloads, break SSH sessions, etc.?

Some reasons off the top of my head:

  • the command line variants can be scriptable, hence a malicious script can be injected and cause very nasty things (a DoS attack, etc.).
  • GUI menu is safe: doesn't allow nasty things to happen (e.g. forced reboot, throwing everything into thin air)
  • GUI menu is simple: doesn't confuse the users with powerful admin options like verbose logging, optional message sending to all logged users, delayed shutdown, difference between Halt, maintenance mode etc.
  • GUI menu is lean and mean: doesn't work "differently" according to the system runlevels (0, 6 etc.) executing different scripts (e.g. /sbin/shutdown) and/or according to different switches/options entered from the command line


In addition to the GUI menu, you can also shut down Linux from the text console. What it has in common with the GUI is that the user issuing the command almost certainly has physical access. (For the exceptional situations where this is not true, like public kiosks, it can be disabled.)

The user of an arbitrary TTY session cannot be assumed to have physical access; it is a form of remote access. There is no way to signal a shutdown through an arbitrary TTY session, whether it be a local xterm, an actual terminal on a serial line, or an ssh session. You have to prove that you have privilege equivalent to physical access by becoming root.

If unauthenticated or unprivileged users could remotely reboot the system, that would be a security issue.

Just like remote login, a physical terminal (actual serial port) is a form of remote access. The user could be in another building, or in another part of the world (via modem).

A graphical terminal emulator like xterm isn't remote, but the operating system doesn't know that. The application is implemented using a pseudo TTY. This is a virtualized TTY device which the operating system (for the most part) does not distinguish from a real tty. If you type stty in an xterm or ssh session, you will note that you have a baud rate, like 9600 or 38400, and can toggle xon/xoff flow control, or even cts/rts. Pseudo TTYs could, in theory, have a special reboot signaling protocol between the master and slave that is not otherwise available in regular TTYs, but they don't. (Actually, an xterm could be remote, since it is an X client application that can be redirected to create its windows on a remote X server.)

(Not sure what "the terminal" refers to in the question; there is no such thing in Linux.)

