31

To run the command poweroff or reboot one needs to be super user. Is there anyway I can run this as a normal user? I just don't want to sudo and enter my password every time I reboot or power off.

Raphael Ahrens
  • 9,701
  • 5
  • 37
  • 52
Stormvirux
  • 2,996
  • 3
  • 21
  • 25
  • 2
    The answer depends on which init system your distro uses... For example, with `systemd` and an active `logind` session you can reboot or poweroff without elevated privileges providing no other user is still logged in... – jasonwryan Aug 06 '13 at 08:29
  • @jasonwryan I am currently using Ubuntu which doesnot use `systemd` by default.So you mean other Distros such as Arch can reboot without elavated privileges? – Stormvirux Aug 06 '13 at 09:17
  • Yes: as per the conditions in my first comment. – jasonwryan Aug 06 '13 at 09:36

6 Answers6

43

I changed /etc/sudoers so that every user that is in the admin group can execute the following commands without being ask for a password.

sudo halt
sudo reboot
sudo poweroff

You just need to add the following lines to /etc/sudoers

## Admin user group is allowed to execute halt and reboot 
%admin ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

and add yourself to the admin group.

If you want only one user to be able to do this just remove the %admin and replace it with username like this

## user is allowed to execute halt and reboot 
stormvirux ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

You can find out more about /etc/sudoers with man sudoers or the online manpage

Raphael Ahrens
  • 9,701
  • 5
  • 37
  • 52
8

You can also create a new file under /etc/sudoers.d name it as you wish(I named it 'shutdown'), and put the following lines inside:

# Allows me to shutdown the system without a password

yourUserName ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

Just change "yourUserName" for YOUR User Name, and add or remove commands to use, personally I use it only for shutdown. One of the main difference of creating a particular file under sudoers.d is that this file will survive System Upgrades

Guanaco Devs
  • 211
  • 2
  • 7
  • 2
    If you choose this approach, ensure that `/etc/sudoers` has an appropriate `#include` directive to read files from `/etc/sudoers.d/`. – patricktokeeffe Sep 30 '19 at 23:13
  • Even with the `#includedir` directive, this doesn't work. When testing this as non-root user with `reboot`, I receive the following: ```Failed to set wall message, ignoring: Interactive authentication required. Failed to reboot system via logind: Interactive authentication required. Failed to open initctl fifo: Permission denied Failed to talk to init daemon.``` – jimjamz Jun 01 '23 at 21:34
3

Simplest solution:

sudo echo $USER >> /etc/shutdown.allow

Then you're able to use one of this commands:

shutdown -ah now   // halt
shutdown -ar now   // reboot

According man shutdown there is -a option for non-root usage:

If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console ...

It works in Debian Linux. And there is limit for 32 user names in /etc/shutdown.allow.

Alexander Yancharuk
  • 131
  • 4
2

You can also achieve this by trick with setuid. I don't know if it will work on all systems, because they sometimes ignore setuid/setgid bit.

You can specify a group of users who can perform change of system state in my case it was adm. Then add appropriate users to this group.

gpasswd -a $USER adm

Specify permissions:

chmod 4550 /usr/bin/reboot

ls -l outpus should look like this:

-r-sr-x--- 1 root adm 18928 Mar 13  2015 /usr/bin/reboot

Afterwards you can just type:

reboot
hurufu
  • 317
  • 3
  • 4
  • 7
    Don't do this with systemd! With systemd, the `reboot` command is a symlink to `systemctl`, so you'll actually change `systemctl` to be setgid, and systemd does some security stuff (like don't trust env variables in setuid/gid programs) that will break it when setuid/gid. – TrentP Mar 12 '20 at 22:02
  • I would generally not do this. Setuid is a security risk (see the comment about systemd). Which you can easily avoid using sudo as explained in some of the other answers. – Thawn Oct 05 '21 at 20:01
  • Thanks for pointing that out, but I don't see a security risk here. If `reboot` is a symbolic link then of course don't do it, but if you don't use systemd as an init system and your reboot program is small and does only one thing then everything is Ok. You should just always use some common sense before using whatever solution you've found on the internet. Regarding an answer involving modification of sudoers file - it still requires to enter `sudo reboot` which doesn't address OP's wish to not write `sudo` at all. – hurufu Oct 08 '21 at 07:50
1

Another way to achieve not only boot privileges but access to all systemctl services for a specific user or group in a Debian system is doing this:

sudo chown root:myuserorgroup /bin/systemctl
sudo chmod 4755 /bin/systemctl

Because all boot scripts /sbin/shutdown, /sbin/poweroff, /sbin/reboot are links to /bin/systemctl, changind its permissions and ownership grants the necessary privilege to execute it as root user.

Be aware that the user will be able to execute all systemctl operations. This may sound as a security threat, but it is a simple general solution to embbeded systems where your default user must not only have the access rights to shudown but also to work with all the other system services related to systemctl.

danb4r
  • 111
  • 2
0

In some cases (like some small embedded Linuxes, for example from standard yocto images) there is a group in /etc/group called shutdown which owns the executable for reboot. So in that case you just have to add this user to that group.

mslo
  • 21
  • 2