25

I used the command poweroff and unexpectedly the system went off. I didn't used sudo therefore I didn't expect computer to be turned off. Why it was possible for me to use this command without root privilege?

  • can you add what distribution and relative version are you using? – D'Arcy Nader Feb 01 '21 at 12:27
  • 2
    Poweroff and so requires root. They are typically installed with +s, i.e. even users can start it as root. However, only users within the "console" group have execute permission for that. This group is given only to interactive, console login shells, and not to remote logins. Thus, locally logged in users have this permission only. Probably there is some setting where you take it away even from them. – peterh Feb 08 '21 at 09:19

1 Answers1

36

This is alluded to in a comment on Why does reboot and poweroff require root privileges?

On some distributions using systemd, poweroff is now a symlink to systemctl, which instructs systemd to shut the system down on behalf of the user, without asking for the password (if the user has sufficient privileges, typically indicated by the fact that they’re using a local session, i.e. they have physical access to the system).

See What are the default Polkit privileges on Arch Linux for shutdown, halt, etc., and why are they so? for details (not specific to Arch Linux).

Stephen Kitt
  • 434,908
  • 3
    So ssh user@remoteHost poweroff would fail where logging in locally would succeed? – Chris Davies Feb 01 '21 at 12:33
  • 3
    @roaima , Yes, A simple test: ssh user@localhost, then systemctl poweroff will ask for root privileges. – FelixJN Feb 01 '21 at 12:35
  • 1
    @roaima yes, it will fail remotely. – Stephen Kitt Feb 01 '21 at 12:35
  • 23
    ...have physical access to the system, usually including a physical power switch. :) And it's better to allow the user to shutdown cleanly through the UI, than to have them fall back to the power switch. – ilkkachu Feb 01 '21 at 12:41
  • 1
    @ilkkachu exactly, I suspect that’s the reasoning here but I haven’t looked for a reference. Desktop environments don’t necessarily use the same mechanisms, they typically go through Policy Kit but the end result is the same. – Stephen Kitt Feb 01 '21 at 12:42
  • 3
    I always have to chuckle when a computer I'm sitting at tries to tell me I can't turn it off. "Dude, you're plug's right over there. Watch this..." – T.E.D. Feb 02 '21 at 17:23