Disable automatic updates ubuntu 18.04
I'm running an Ubuntu 18.04 server and was trying to disable every update and upgrade there is but am still not quite sure on what exactly to do. Ignoring the security aspect that comes with it, how do I disable automatic updates for Ubuntu 18.04, MySQL, Apache and PHP via command line?
As far as I know, MySQL Apache and PHP should not automatically update when I disable automatic updates / package list updating on Ubuntu, is that correct?
For Ubuntu, the only things I found were in /etc/apt/apt.conf.d/10periodic :
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
which I would set to 0.
APT::Periodic::Update-Package-Lists "1";
set to 0 basically makes it impossible for any package / software e.g. MySQL Apache and PHP to update, right?
And in /etc/apt/apt.conf.d/50unattended-upgrades :
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}ESM:${distro_codename}";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
In there, I would just comment out line 2-4.
Anything else I would need to do or are all automatic updates / upgrades disabled after this?
According to the docs it says to update the settings in /etc/apt/apt.conf.d/20auto-upgrades
. So I would update these settings to "0"
as well:
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";
But to be super sure you could still edit /etc/apt/apt.conf.d/10periodic
and update the following settings to "0"
:
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
Once you have made the updates above none of the packages managed by APT will be automatically updated including MySQL, Apache and PHP.
It's fine to also set APT::Periodic::Update-Package-Lists
to "0"
as you can still manually update the package lists when you like with sudo apt update
and manually update your packages with sudo apt upgrade
.
You shouldn't need to make any updates to /etc/apt/apt.conf.d/50unattended-upgrades
.
You may also want to disable snap packages from auto-updating however MySQL, Apache and PHP are usually managed by APT so this shouldn't be necessary if you are only really concerned with those packages not being automatically updated.
Important: Disabling automatic updates also means you won't be receiving important security updates for your system so unless you are in the habit of regularly updating your software packages it's probably best to leave automatic updates enabled.
Based upon the changes you have made, Unattended Upgrades should be disabled.
As a check, keep an eye on /var/lib/apt/periodic/ for a few days.
$ ls -l /var/lib/apt/periodic/
total 0
-rw-r--r-- 1 root root 0 Aug 20 16:58 download-upgradeable-stamp
-rw-r--r-- 1 root root 0 Aug 21 06:56 unattended-upgrades-stamp
-rw-r--r-- 1 root root 0 Aug 20 16:58 update-stamp
-rw-r--r-- 1 root root 0 Aug 20 07:06 update-success-stamp
-rw-r--r-- 1 root root 0 Aug 21 06:56 upgrade-stamp
The unattended-upgrades-stamp should stop incrementing daily.
Alternately, you can uninstall the unattended-upgrades
package. If you change your mind, you can simply re-install it.
Also, you must freeze your snap packages, which are not deb-based, and so do not use apt not Unattended Upgrades. For snaps, see How to stop snapd from auto-updating?
Remove updates from cron tasks.
I found 2 files on my Ubuntu 18.04:
/etc/cron.daily/update-notifier-common
/etc/cron.weekly/update-notifier-common
Remove these files or comment the files contents