Disable automatic updates ubuntu 18.04

Question

I'm running an Ubuntu 18.04 server and was trying to disable every update and upgrade there is but am still not quite sure on what exactly to do. Ignoring the security aspect that comes with it, how do I disable automatic updates for Ubuntu 18.04, MySQL, Apache and PHP via command line?

As far as I know, MySQL Apache and PHP should not automatically update when I disable automatic updates / package list updating on Ubuntu, is that correct?

For Ubuntu, the only things I found were in /etc/apt/apt.conf.d/10periodic :

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";

which I would set to 0.

APT::Periodic::Update-Package-Lists "1"; set to 0 basically makes it impossible for any package / software e.g. MySQL Apache and PHP to update, right?

And in /etc/apt/apt.conf.d/50unattended-upgrades :

Unattended-Upgrade::Allowed-Origins {
          "${distro_id}:${distro_codename}";
          "${distro_id}:${distro_codename}-security";
          "${distro_id}ESM:${distro_codename}";
//        "${distro_id}:${distro_codename}-updates";
//        "${distro_id}:${distro_codename}-proposed";
//        "${distro_id}:${distro_codename}-backports";
};

In there, I would just comment out line 2-4.

Anything else I would need to do or are all automatic updates / upgrades disabled after this?

Have you tried sudo apt-get purge update-manager update-notifier ? This should stop all updates that you don't do manually. — xiota, Aug 21 '19 at 11:39
Future readers: The main purpose of Unattended Upgrades in Ubuntu is security, though it can be used for other purposes of course. — user535733, Aug 21 '19 at 14:11

score 9 · Answer 1 · edited Jul 29 '20 at 19:48

According to the docs it says to update the settings in /etc/apt/apt.conf.d/20auto-upgrades. So I would update these settings to "0" as well:

APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";

But to be super sure you could still edit /etc/apt/apt.conf.d/10periodic and update the following settings to "0":

APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";

Once you have made the updates above none of the packages managed by APT will be automatically updated including MySQL, Apache and PHP.

It's fine to also set APT::Periodic::Update-Package-Lists to "0" as you can still manually update the package lists when you like with sudo apt update and manually update your packages with sudo apt upgrade.

You shouldn't need to make any updates to /etc/apt/apt.conf.d/50unattended-upgrades.

You may also want to disable snap packages from auto-updating however MySQL, Apache and PHP are usually managed by APT so this shouldn't be necessary if you are only really concerned with those packages not being automatically updated.

Important: Disabling automatic updates also means you won't be receiving important security updates for your system so unless you are in the habit of regularly updating your software packages it's probably best to leave automatic updates enabled.

score 3 · Answer 2 · answered May 09 '20 at 01:12

3

Remove updates from cron tasks.
I found 2 files on my Ubuntu 18.04:

/etc/cron.daily/update-notifier-common 
/etc/cron.weekly/update-notifier-common

Remove these files or comment the files contents

answered May 09 '20 at 01:12

Andrey Izman

387
3
6

user535733 · Answer 3 · 2019-08-21T15:45:48.767

Based upon the changes you have made, Unattended Upgrades should be disabled.

As a check, keep an eye on /var/lib/apt/periodic/ for a few days.

$ ls -l /var/lib/apt/periodic/
total 0
-rw-r--r-- 1 root root 0 Aug 20 16:58 download-upgradeable-stamp
-rw-r--r-- 1 root root 0 Aug 21 06:56 unattended-upgrades-stamp
-rw-r--r-- 1 root root 0 Aug 20 16:58 update-stamp
-rw-r--r-- 1 root root 0 Aug 20 07:06 update-success-stamp
-rw-r--r-- 1 root root 0 Aug 21 06:56 upgrade-stamp

The unattended-upgrades-stamp should stop incrementing daily.

Alternately, you can uninstall the unattended-upgrades package. If you change your mind, you can simply re-install it.

Also, you must freeze your snap packages, which are not deb-based, and so do not use apt not Unattended Upgrades. For snaps, see How to stop snapd from auto-updating?

Will keep an eye on that, thanks. Is there anything else that possibly automatically updates the OS and / or packets? — user49201843, Aug 21 '19 at 15:35

score 0 · Answer 4 · answered Jan 27 '23 at 12:23

0

As of Ubuntu 20.04 [and this may be true of 18.04 as well, not sure], the preferred way to disable this is to use dpkg-reconfigure:

sudo dpkg-reconfigure -plow unattended-upgrades

and select "no" to the prompt.

answered Jan 27 '23 at 12:23

Bret Weinraub

101
2

score 0 · Answer 5 · answered Jan 27 '23 at 12:31

In case you want to prevent only certain packages from being updated, like here Apache and PHP, you may want to look at apt-pinning respectively apt-hold. These allow to hold a certain version of a program / package, even if a newer version is available. See PinningHowto in the Ubuntu Wiki.

Disable automatic updates ubuntu 18.04

5 Answers5

Linked

Related