How to Disable “Unattended Upgrades” in Ubuntu
The Unattended Upgrades feature in Ubuntu allows it to automatically install important updates, like security patches and system fixes, without needing you to do it manually.
This keeps your system up to date and helps protect it from security risks. It’s also convenient since you don’t have to remember to check for updates all the time.
Now, let’s check if it’s installed and running.
Check if “Unattended Upgrades” is Enabled
There are several ways to check if unattended upgrades are enabled on your Ubuntu system.
One method is to look at the /etc/apt/apt.conf.d/20auto-upgrades file. If the following options are set to “1”, it means they are enabled:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
This setup ensures that your package lists are updated regularly and any available updates are installed automatically.
You can also review the /etc/apt/apt.conf.d/50unattended-upgrades file for additional settings. This file defines which packages will be automatically upgraded, which will be excluded, and how often the upgrades happen.
By default, security-related updates are enabled, as shown below:
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
Finally, to confirm that the unattended upgrades service is running, use the following command:
sudo systemctl status unattended-upgrades
This will show the status of the service that handles regular updates on your machine.
Should you disable Unattended Upgrades?
In general, it’s a good idea to keep “Unattended Upgrades” enabled, as it helps keep your system secure by automatically installing important updates.
However, it can be a double-edged sword. While it ensures your system stays up to date, it might also change your system’s state or introduce new issues without you knowing. In environments where stability is crucial, like production systems, you might prefer to handle updates manually.
If you’ve found that “Unattended Upgrades” has caused more problems than it solves, such as services failing to run after an upgrade or instability with new updates, you may want to disable it and manage updates manually. To do this, run the following command:
sudo dpkg-reconfigure unattended-upgrades
You’ll be prompted with the option to enable or disable “Unattended Upgrades.” Select No to disable it.
This will update the /etc/apt/apt.conf.d/20auto-upgrades file. When you see the file, it should now set each of the configs there to “0”. This means that package lists won’t be updated and any new updates won’t be installed automatically.
APT::Periodic::Update-Package-Lists "0"; APT::Periodic::Unattended-Upgrade "0";
Since we’ve disabled the automatic updates, we can take it further by disabling the service so it won’t keep running on the machine:
sudo systemctl stop unattended-upgrades sudo systemctl disable unattended-upgrades
This will force the unattended-upgrades service to remain disabled after a restart.
Conclusion
While “Unattended Upgrades” is a helpful feature in Ubuntu, it may not be the best fit for every environment. If it’s causing more issues, you can always disable it and take control of updates manually. This way, you can avoid unexpected changes and maintain more stability.
However, once it’s disabled, you’ll need to regularly check for updates and install them yourself to keep your system secure. Staying up to date is important for security, so make sure you have a plan in place to manage updates efficiently.