How to Disable Unattended Upgrades on Ubuntu

Unattended upgrades can be a double-edged sword. While they keep your system up to date automatically, they might also unexpectedly change the system’s state or introduce new issues without your prior knowledge. In certain environments, especially in production or where stability is a must, it might be preferable to disable these automatic updates. This guide will walk you through the steps necessary to disable unattended upgrades on your Ubuntu system.

In this tutorial you will learn:

  • How to disable the unattended-upgrades service
  • How to configure Apt’s periodic upgrade settings
  • How to ensure your system does not perform automatic installations without your consent

Software Requirements and Linux Command Line Conventions

  Category: Requirements, Conventions or Software Version Used
  System: Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04
  Software: None
  Other: Access to a terminal window/command line (Ctrl-Alt-T, Ctrl-Alt-F2)
  Conventions:
    # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
    $ – requires given Linux commands to be executed as a regular non-privileged user

IMPORTANT WARNING ABOUT DISABLING UNATTENDED UPGRADES
Disabling unattended upgrades transfers the responsibility of keeping the system secure and updated entirely to you. Without automatic updates, you must regularly check for and manually install updates to protect your system from vulnerabilities that are often patched through these updates. Failing to keep your system updated can expose it to security risks and potential breaches. Always ensure your system’s software is up-to-date to maintain its security integrity.

Steps to Disable Unattended Upgrades on Ubuntu

Follow these steps carefully to disable automatic updates on your Ubuntu system. This will give you full control over when and how updates are installed, which is crucial for managing dependencies and system stability, especially when you need to ensure that updates do not disrupt existing software configurations.

  1. Disable the Unattended-Upgrades Service: The first step is to stop the unattended-upgrades service from running automatically.
    $ sudo systemctl disable --now unattended-upgrades

    This command stops the ‘unattended-upgrades’ service if it is currently running and prevents it from starting during the system boot. Disabling this service ensures that no upgrades are applied without your intervention.

  2. Edit the 20auto-upgrades File: To take control over the automatic installation of updates, modify the apt configuration file.
    $ sudo nano /etc/apt/apt.conf.d/20auto-upgrades

    You need to insert or update the following lines:

    APT::Periodic::Update-Package-Lists "1";   // "1" enables, "0" disables automatic checking for new packages
    APT::Periodic::Unattended-Upgrade "0";      // Setting to "0" disables automatic installations

    This configuration ensures the package lists are still updated regularly if set to 1 (useful for manual upgrades), but prevents any updates from being installed automatically by setting Unattended-Upgrade to 0. To completely disable automatic checking for updates, change APT::Periodic::Update-Package-Lists to 0. This stops your system from even checking for new updates automatically, thereby requiring you to manually check and update your packages to maintain system security and performance.

    Disabled unattended upgrades in 20auto-upgrades File

  3. Adjust the 50unattended-upgrades File (Optional): For finer control or to disable certain types of updates, modify the 50unattended-upgrades file.
    $ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

    You can comment out lines corresponding to the types of updates you do not want automatically installed, such as:

    // "${distro_id}:${distro_codename}-updates";

    By commenting out these lines, you prevent automatic updates from these repositories, though manual updates are still possible.

  4. Verify Changes: Ensure that automatic updates are disabled.
    $ systemctl status unattended-upgrades

    This command checks the status of the unattended-upgrades service. If the service is properly disabled, the output shows it as disabled on the “Loaded:” line and inactive on the “Active:” line.

    $ cat /etc/apt/apt.conf.d/20auto-upgrades

    This will display the current configuration of the 20auto-upgrades file to verify that unattended upgrades are disabled.

    Verify that unattended upgrades had been disabled

Understanding Update Management Files in Ubuntu

Differences between the 10periodic, 20auto-upgrades, and 50unattended-upgrades configuration files in Ubuntu

It’s important to understand the roles and differences between the 10periodic, 20auto-upgrades, and 50unattended-upgrades configuration files in Ubuntu. These files dictate how automatic updates should be handled by the system, but each serves a distinct purpose:

10periodic

This file is used to configure how frequently the package lists are updated and how often the script checks for upgrades. The settings in this file are more about scheduling the timing of update checks and the cleanup operations:

  • APT::Periodic::Update-Package-Lists: This option schedules the update of the package lists (how often the system checks for new packages).
  • APT::Periodic::Download-Upgradeable-Packages: Schedules how often to download upgradable packages.
  • APT::Periodic::AutocleanInterval: Defines how often the package cache is cleaned.

20auto-upgrades

This file specifically controls the automatic installation of updates. It is more focused than 10periodic and directly influences whether updates are applied automatically:

  • APT::Periodic::Update-Package-Lists: Similar to 10periodic, it controls the frequency of checking for updates.
  • APT::Periodic::Unattended-Upgrade: This crucial setting determines whether updates are installed automatically without user intervention.

50unattended-upgrades

Unlike the previous files, 50unattended-upgrades provides granular control over which types of updates are applied automatically. It allows specifying security updates or other updates from specific repositories to be included or excluded from automatic upgrades. Configuration here is primarily about inclusion and exclusion rules for updates, specifying from which origins updates should be automatically installed.

Understanding these files and their configurations helps in effectively managing system updates according to your needs, providing a balance between automation and manual control. This knowledge is crucial for customizing the update behavior of your Ubuntu system to fit your requirements.
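
Because the same APT::Periodic option can appear in more than one of these files, it helps to check which value actually wins. apt reads the files in /etc/apt/apt.conf.d in name order, so a later file replaces a setting from an earlier one. The script below is an added example, not part of the original guide; the sample files are constructed, and 99local is a hypothetical drop-in that undoes the edit made to 20auto-upgrades.

```shell
#!/bin/sh
# Added example, not from the original guide. Simplification: only flat
# one-line 'APT::Periodic::Name "value";' entries are parsed, not nested
# APT { Periodic { ... } } blocks.

effective_periodic() {
    # $1 = config directory, $2 = option name, e.g. Unattended-Upgrade
    (
        LC_ALL=C; export LC_ALL      # sort the glob in plain name order
        value=unset
        for f in "$1"/*; do
            [ -f "$f" ] || continue
            # Lines that start with // or # do not match, so comments are skipped.
            v=$(sed -n 's/^[[:space:]]*APT::Periodic::'"$2"'[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$f" | tail -n 1)
            if [ -n "$v" ]; then value=$v; fi   # a later file replaces an earlier one
        done
        printf '%s\n' "$value"
    )
}

make_sample_dir() {
    # Constructed sample files; 99local is a hypothetical later drop-in.
    d=$(mktemp -d)
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Download-Upgradeable-Packages "0";' > "$d/10periodic"
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";   // keep list refresh' \
                  'APT::Periodic::Unattended-Upgrade "0";' > "$d/20auto-upgrades"
    printf '%s\n' '// APT::Periodic::Update-Package-Lists "0";' \
                  'APT::Periodic::Unattended-Upgrade "1";' > "$d/99local"
    printf '%s\n' "$d"
}

# Print the winning value of each option for the constructed directory.
dir=$(make_sample_dir)
for opt in Update-Package-Lists Unattended-Upgrade AutocleanInterval; do
    printf '%-22s %s\n' "$opt" "$(effective_periodic "$dir" "$opt")"
done
rm -r "$dir"
```

To audit a real system, call effective_periodic /etc/apt/apt.conf.d Unattended-Upgrade. The values apt itself resolved can be cross-checked with apt-config dump.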

Conclusion

By following the steps outlined above, you will have successfully disabled unattended upgrades on your Ubuntu system. This change allows you to manually control when updates are applied, preventing unexpected changes and potential software conflicts. Regularly check for updates to maintain system security and stability, and apply them at your discretion.