9

We have many systems, managed via Ansible. They are configured to run nightly security updates. We have a problem because the sudo package wants to put in a new /etc/sudoers. This is what now happens in our cron output:

/etc/cron.daily/apt:
Package 'sudo' has conffile prompt and needs to be upgraded manually

I can manually apt-get install sudo on a box and press the button to keep my config file, but that doesn't scale well. Is there a config I can tweak so that the nightly security updates, at least in this instance, know my preference to keep our local /etc/sudoers? Thanks!

wjandrea
  • 14,236
  • 4
  • 48
  • 98
dannyman
  • 608

1 Answers1

9

This appears to be the desired answer: https://unix.stackexchange.com/a/139554/5571

I also want to keep original config files while doing automatic updates. You can add the following to /etc/apt/apt.conf.d/50unattended-upgrades

Dpkg::Options {
   "--force-confdef";
   "--force-confold";
};

See here for a good explanation of the options: http://raphaelhertzog.com/2010/09/21/debian-conffile-configuration-file-managed-by-dpkg/

wjandrea
  • 14,236
  • 4
  • 48
  • 98
dannyman
  • 608