Why is unattended-upgrades activated by default?

server apt upgrade lts

5,830

Solution 1

I can't explain why it gives you the option and then ignores your response. Without installing, I can't confirm that behaviour, however, it's easy to fix it.

Edit /etc/apt/apt.conf.d/50unattended-upgrades and comment out the -security line.

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
//      "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

Solution 2

Another way to disable unattended upgrades is to

Edit /etc/apt/apt.conf.d/20auto-updates and set "Unattended-Upgrade" to "0".

APT::Periodic::Unattended-Upgrade "0";

Solution 3

Another way is to use: dpkg-reconfigure unattended-upgrades

5,830

Cucumber

Updated on September 18, 2022

Comments

Cucumber over 1 year

I just migrated from CentOS to Ubuntu Server 16.04 LTS. I chose "no" when it asked me to do automatic updates during the setup. However, I just realized that by default unattended-upgrades is activated and installed by default, since it had installed a kernel update automatically. This is very Windows like and is disappointing me. Why is this the case that it is enabled by default even though the user chose no during the setup?

Thanks
- Javier Rivera almost 8 years
  
  AFAIK the setup is asking to download updates during the setup so it installs updates packages, not about activating or not "unattended-upgrades".
- David Tabernero M. over 5 years
  
  I was about to ask exactly that, it's like I have to remember for every fresh new xbuntu installation that I have to disable them.
- caw almost 3 years
  
  See also unix.stackexchange.com/questions/342663/… and unix.stackexchange.com/questions/470709/…
hheimbuerger almost 6 years

Isn't that file called 20auto-upgrades, not 20auto-updates?
wedi almost 6 years

Files from linux's *.d folders are read in alphanumeric order irrespective of their exact name. Thus, the answer will work as long as the name is alphanumerically bigger than "10periodic".
B. Shea over 4 years

@wedi Yes - and this should be taken advantage of. It avoids a package overwriting your changes on system updates. You have to make sure when using any conf.d area that your custom directive(s) come LAST. The filename 20auto-updates if used as user-created new override file, would be read in BEFORE 20auto-upgrades. Last file read wins. Better idea on any conf.d area is to create something you know will be read DEAD LAST. Try creating 99z-custom in /etc/apt/apt.conf.d with the statement APT::Periodic::Unattended-Upgrade "0"; - it will be read last. Again: Last wins.
B. Shea over 4 years

Good rule of thumb when overriding in conf.d areas: Better to always create a custom override file when possible. 99z-custom would work in this area I think (untested). When apt updates itself your 50unattended-upgrades files might be overwritten. Your custom file will not.
caw almost 3 years

Correct. This also sets APT::Periodic::Unattended-Upgrade and APT::Periodic::Update-Package-Lists in /etc/apt/apt.conf.d/*.