reboot, shutdown with root?

Hello, was a little surprised with that:** reboot, shutdown** needs root rights. It’s much longer to do that actions or to make shortcuts for them. Can I change them normally to run in user permissions?

P.S. Is it the finest options to run

shutdown -h now

or it’s better to use another parameters for desktop?

Well reboot and shut downs are of course system functions and system functions need system permissions ie root.

Linux is multi user and you don’t want some random user shutting down the hardware… This is not Windows rotfl!

The funny thing is that for reboot/shutdown on the command line root rights are needed, you can reboot/shutdown using the GUI without explicit root rights, so in the end still a bit like Windows :wink:

Many Linux versions don’t need root. It’s desktop, not a server and I didn’t setup remote connections to it :wink: . And another user can use hard reset.

In OpenSuSE I can’t reboot without root but can read system configs like /fstab etc.

yes but I can’t use it with parameters like timer. And they are often have a long delay (or I need to close most apps before it).

Use:

systemctl reboot

or

systemctl poweroff

That’s what the GUIs do in the end.

The reboot and shutdown commands always needed root privileges.
systemctl respects the polkit settings, which are defined to allow it for locally logged-in users by default (if the system security level is set to “easy”).

1 Like

Ok but I can’t find how to add delay

Something like this then maybe?

sleep 5s; systemctl poweroff

Or maybe have a look at kshutdown:
https://kshutdown.sourceforge.io/
(available in the standard repos)

Another option would be to use sudo and sodoers to run reboot or shutdown as user.

It is still root that does the shutdown, but the end-user is not asked for the root password.
That is a hole in the security and that hole is in this case made by Policykit I assume.
And that hole is made on purpose to give the end-user an MS Windows feeling >:(

No, rather by the default polkit settings/rules in openSUSE.

It’s configurable though, by root.

And the system security settings in /etc/sysconfig/security affect this, i.e. set it to “secure” and no user will be able to shutdown/reboot.

Btw, if another user is logged in at the same time, you will be asked for the root password anyway, with the default “easy” settings.

And that hole is made on purpose to give the end-user an MS Windows feeling >:(

Or to make the (Linux) desktop more usable to end-users.
Why should you have to enter the root password on a single-user desktop system anyway?

And the user has been able to shutdown/reboot a (open)SUSE (or even SuSe) system via the GUI since ever I am using it… (although polkit didn’t exist back then)

Hm, when I reboot/shutdown using the GUI, the system is going to logout screen, not goes reboot/shutdown

Well, does “systemctl reboot” and “systemctl poweroff” work as expected? (as user)

What display/login manager are you using?

“systemctl reboot” asks for a root for a system message window.

~> systemctl reboot
Failed to set wall message, ignoring: Время ожидания соединения истекло
Failed to reboot system via logind: Access denied
Failed to start reboot.target: Access denied

SDDM Breeze for openSUSE (default)

Then either something’s broken on your system, or you changed the security level.

What does “grep SECURITY /etc/sysconfig/security” give?

~> systemctl reboot
Failed to set wall message, ignoring: Время ожидания соединения истекло
Failed to reboot system via logind: Access denied
Failed to start reboot.target: Access denied

SDDM Breeze for openSUSE (default)

Well, if that doesn’t work, sddm won’t be able to shutdown/reboot the system either (as it uses systemctl to do that).

Hm, I thought there should be some kind of option like “-no window showing”

~> grep SECURITY /etc/sysconfig/security
PERMISSION_**SECURITY**="secure local"
# PERMISSION_**SECURITY**. If PERMISSION_**SECURITY** contains 'secure' or

Ok, I found it. I change security center in Yast. Safe files extensions. Rollback.

No.

That root password dialog is shown by your desktop, btw.

~> grep SECURITY /etc/sysconfig/security
PERMISSION_**SECURITY**="secure local"
# PERMISSION_**SECURITY**. If PERMISSION_**SECURITY** contains 'secure' or

Ok, I found it. I change security center in Yast. Safe files extensions. Rollback.

Yes. “secure” requires the root password for shutdown or reboot.
“easy” allows it for users too.

You can probably reboot with:

CTRL-ALT-F1 (get to a virtual console screen).

follow that with

CTRL-ALT-DELETE

When you get to the grub boot screen, hit the “power off” switch if you really wanted to shutdown and not reboot.

Treat this as an alternative method when all else fails.

I need it with a delay :slight_smile:

Hm, changing “Ctrl+Alt+Del” behaviour from “ignore” to “reboot” in Security center changes nothing. It always shows a dialog window when I can only end my session. Other actions are blocked.

a bit off topic but afaik windows too requires an elevated console for shutdown/reboot regular users even admins can’t shut it down from cmd.exe
I think a doable option on single user systems would be editing the sudoers file (to allow the current user password-less root privileges via sudo)

That dialog window is shown by the desktop, and not configurable in YaST. (in the case of KDE, you can disable it in KDE’s System Settings/Configure Desktop if you want)

YaST’s setting should affect text mode though I think.