DOKK / manpages / debian 12 / sysvinit-core / shutdown.8.en
SHUTDOWN(8) Linux System Administrator's Manual SHUTDOWN(8)

shutdown - bring the system down

/sbin/shutdown [-akrhPHfFncqQ] [-t sec] time [warning message]

shutdown brings the system down in a secure way. All logged-in users are notified that the system is going down, and login(1) is blocked. It is possible to shut the system down immediately or after a specified delay. All processes are first notified that the system is going down by the signal SIGTERM. This gives programs like vi(1) the time to save the file being edited, mail and news processing programs a chance to exit cleanly, etc. shutdown does its job by signalling the init process, asking it to change the runlevel. Runlevel 0 is used to halt the system, runlevel 6 is used to reboot the system, and runlevel 1 is used to put to system into a state where administrative tasks can be performed; this is the default if neither the -h or -r flag is given to shutdown. To see which actions are taken on halt or reboot see the appropriate entries for these runlevels in the file /etc/inittab.

Use /etc/shutdown.allow.
Don't really shutdown; only send the warning messages to everybody.
Reboot after shutdown.
Halt or power off after shutdown. Usually used with the -P or -H flags, depending on whether we want to poweroff or simply stop the operating system.
Modifier to the -h flag. Halt action is to turn off the power. Must be used with the -h flag.
Modifier to the -h flag. Halt action is to halt or drop into boot monitor on systems that support it. Must be used with the -h flag. Halting is often used to run through the shutdown process and leave output on the screen for debugging purposes. Or when the user wants the OS to stop, but leave the power on. To power off at the end of the shutdown sequence use the -P modifier instead.
Skip fsck(8) on reboot.
Force fsck(8) on reboot.
[DEPRECATED] Don't call init(8) to do the shutdown but do it ourself. The use of this option is discouraged, and its results are not always what you'd expect.
Cancel a waiting shutdown. (shutdown now is no longer waiting.) With this option it is of course not possible to give the time argument, but you can enter explanatory message arguments on the command line that will be sent to all users.
Reduce the number of warnings shutdown displays. Usually shutdown displays warnings every 15 minutes and then every minute in the last 10 minutes of the countdown until time is reached. When -q is specified shutdown only warns at 60 minute intervals, at the 10 minute mark, at the 5 minute mark, and when the shutdown process actually happens.
Silence warnings prior to shutting down. Usually shutdown displays warnings every 15 minutes and then every minute in the last 10 minutes of the countdown until time is reached. When -Q is specified shutdown only warns when the shutdown process actually happens. All other warning intervals are suppressed.
Tell init(8) to wait sec seconds between sending all processes the warning (SIGTERM) and the kill signal (SIGKILL), before changing to another runlevel. The default time, if no value is specified, between these two signals is three seconds. Warning: when shutdown calls init(8) to perform the shutdown (the default behavior), init(8) checks to see if all processes have terminated and will stop waiting early once its children have all terminated. When shutdown is called with the -n flag, it waits the full time specified (or three seconds) even if all other processes have terminated.
When to shutdown. If a time is given then the shutdown command will not exit but instead count down until reboot.
Message to send to all users.

The time argument can have different formats. First, it can be an absolute time in the format hh:mm, in which hh is the hour (1 or 2 digits) and mm is the minute of the hour (in two digits). Second, it can be in the format +m, in which m is the number of minutes to wait. Third, it can be in the format +hh:mm, in which hh:mm is the number of hours and minutes to wait. The word now is an alias for +0.

If shutdown is called with a delay, it will create the advisory file /run/nologin which causes programs such as login(1) to not allow new user logins. This file is created five minutes before the shutdown sequence starts. shutdown removes this file if it is stopped before it can signal init (i.e. it is cancelled or something goes wrong). It also removes it before calling init(8) to change the runlevel.

The -f flag means `reboot fast'. This only creates an advisory file /fastboot which can be tested by the system when it comes up again. The boot rc file can test if this file is present, and decide not to run fsck(8) since the system has been shut down in the proper way. After that, the boot process should remove /fastboot.

The -F flag means `force fsck'. This only creates an advisory file /forcefsck which can be tested by the system when it comes up again. The boot rc file can test if this file is present, and decide to run fsck(8) with a special `force' flag so that even properly unmounted file systems get checked. After that, the boot process should remove /forcefsck.

The -n flag causes shutdown not to call init(8), but to kill all running processes itself. shutdown will then turn off quota, accounting, and swapping and unmount all file systems.

shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appropriate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message

shutdown: no authorized users logged in

to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this file.

Note that if /etc/shutdown.allow is not present, the -a argument is ignored.

The -H option just sets the init environment variable INIT_HALT to HALT, and the -P option just sets that variable to POWEROFF. The script (usually /etc/init.d/halt) that calls the halt(8) program as the last thing in the shutting down sequence should check this environment variable and call the halt(8) program with the right options for these options to actually have any effect.

/fastboot
/etc/inittab
/etc/init.d/halt
/etc/init.d/reboot
/etc/shutdown.allow

A lot of users forget to give the time argument and are then puzzled by the error message shutdown produces. The time argument is mandatory; in 90 percent of all cases this argument will be the word now.

init(8) can only capture CTRL-ALT-DEL and start shutdown in console mode. If the system is running the X window System, the X server processes all key strokes. Some X11 environments make it possible to capture CTRL-ALT-DEL, but what exactly is done with that event depends on that environment.

shutdown wasn't designed to be run setuid. /etc/shutdown.allow is not used to find out who is executing shutdown, it ONLY checks who is currently logged in on (one of the) console(s).

Miquel van Smoorenburg

fsck(8), init(8), halt(8), poweroff(8), reboot(8)

November 12, 2003 sysvinit