How to Handle Automatic Updates in Ubuntu

Brief: This tutorial teaches you how to handle the unattended upgrade i.e. the automatic system updates in Ubuntu Linux.

Sometimes, when you try to shutdown your Ubuntu system, you may come across this screen that stops you from shutting down:

Unattended-upgrade in progress during shutdown, please don’t turn off the computer.

Unattended Upgrade In Progress In Ubuntu
Unattended Upgrade In Progress In Ubuntu

You might wonder what is this “unattended upgrade” and how come it is running without your knowledge.

The reason is that Ubuntu takes your system’s security very seriously. By default, it automatically checks for system updates daily and if it finds any security updates, it downloads those updates and install them on its own. For normal system and application updates, it notifies you via the Software Updater tool.

Since all this happens in the background, you don’t even realize it until you try to shutdown your system or try to install applications on your own.

Trying to install a new software when these unattended upgrades are in progress leads to the famous could not get lock error.

Could Not Get Lock

As you can see, the automatic updates present a couple of minor annoyance. You may choose to disable the auto updates but that would mean that you’ll have to check and update your Ubuntu system manually all the time.

Do you really need to disable auto updates?

Please note that this is a security feature. Linux allows you to do practically everything in your system even disabling these security features.
But in my opinion, as a regular user, you should not disable the automatic updates. It keeps your system safe after all.
For the sake of your system’s security, you may tolerate the minor annoyances that come with the automatic updates.

Now that you have been warned and you think it is better to take up the additional task of manually updating your system, let’s see how to handle the auto updates.

As always, there are two ways to do it: GUI and command line. I’ll show you both methods.

I have used Ubuntu 20.04 here but the steps are valid for Ubuntu 18.04 and any other Ubuntu version.

Method 1: Disable automatic updates in Ubuntu graphically

Go to the menu and look for ‘software & updates’ tool.

Software & Updates Settings Ubuntu in 20.04
Software & Updates Settings

In here, go to Updates tab. Now look for the “Automatically check for updates”. By default it is set to Daily.

You can change it to Never and your system will never check for updates on its own again. And if it won’t check for updates, it won’t find new updates to install.

Disable Auto Updates Ubuntu
Disable Auto Updates in Ubuntu Completely

If you do this, you must manually update your system from time to time. But that’s an additional chore to do and you may not remember it all the time.

Slightly better way to handle auto updates in Ubuntu

Personally, I would suggest to let it check for updates on its own. If you don’t want it installing the updates automatically, you can change that behavior to get notified about the availability of security updates.

Keep “Automatically check for updates” to Daily and change “When there are security updates” option to “Display immediately” instead of “Download and install automatically”.

Handle Auto Updates Ubuntu
Get notified for security updates instead of automatically installing them

This way, it checks for updates and if there are updates, instead of installing them automatically in the background, the Software Updater tool notifies you that updates are available for your system. Your system already does that for normal system and software updates.

Updates Available Ubuntu
Get notified about security updates

With this setup, you won’t see the “unattended upgrades in progress” when you shutdown your system However, you may still encounter the ‘could not get lock’ error because two separate processes cannot use apt package manager at the same time.

I believe this is a better solution, don’t you you think?

As I promised both GUI and command line methods, let me show you how to disable unattended upgrades in the terminal.

How to disable automatic updates in Ubuntu using command line

You’ll find the auto-upgrades settings in the /etc/apt/apt.conf.d/20auto-upgrades file. The default text editor in Ubuntu terminal is Nano so you can use this command to edit this configuration file:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Now, if you don’t want your system to check for updates automatically, you can change the value of APT::Periodic::Update-Package-Lists to 0.

APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";

If you want it to check for updates but don’t install the unattended-upgrades automatically, you can choose to set it like this:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";

In the end…

The automatic security updates are enabled automatically for a reason and I recommend you keep it like this. A couple of minor annoyances are not really worth risking the security of your system. What do you think?

Similar Posts

  • The security update ignores all settings to shut it off or the ability to stop it is removed. Systemctl disable commands worked for awhile but it gets turned back on by another process. The commands don’t stick and it shows up again maybe a little later. It asks for authentication or waits for same. Its got a few back doors to keep it on, the question is how to disable it without crippling something else.
    When it triggers the system hangs and gets very slow and the mailserver queue gets huge or fails to connect. If the pop up is knocked down immediately then its not that bad but if you come back to the system and that popup is hanging there everything is hung up and processes seem to be shut off or hung that service terminals and mail services. If automated updates are allowed it has happened that the applications configuration gets broken. For awhile the 20.04 version could not even connect to updates due to a certificate error. The only fix is try to get a terminal to respond, then issue Sudo reboot now! alot every time this thing has run or if the popup is there click it about 20 times to knock it down. Not a good situation. Some suggest getting on another os instead. Pretty disgusted with any automated updates as they are resource hogs to the point of making the system useless.

  • Why didn’t you give us the commands to update manually, as a side-note, or something? You could place it into a little box, and say in case you wanted to know, the manual way is …

  • Force downloading of updates is authoritarian BS. I absolutely support defaulting to automatic updates but the users should ALWAYS have a way to opt-out of any update. Who the fuck is Ubuntu to force this shit down people’s throats? I’d probably apply every update but it is the PRINCIPLE that matters here. Do I own my computer? Am I in control? There is no automatic ongoing trust. For all I know, Ubuntu could install spyware tomorrow or get pressured by some big agency to do so. This is all kinds of bad. Fuck people who can’t respect individual rights. Yes, Ubuntu is not evil but it doesn’t matter. You’re missing the point and this is disgusting behavior if it can’t be stopped.

  • Abhishek, I appreciate the information you provided here and the general wisdom of keeping things up to date and the general attempts systems are making to be “evergreen” and up-to-date. But depending on the complexity of your server setup and the dependencies in place its not always wise to assume that an update/upgrade should be done just because it is available.

    There is a reason why IT departments tend to establish plans for when to do updates critical or otherwise and its for all the reasons they are familiar with and that Ubuntu/Microsoft/OSX/whatever-devs aren’t.

    So, having a caveat about disabling automatic updates is probably a good thing, however, sometimes those recommendations can come off as condescending when what you probably want to do is remind people that if they disable automatic updates they should have a plan to upgrade periodically to take advantage of security updates etc.

    I’ve been bitten by blindly following the auto-updates (today in fact) and also the anti-pattern of letting things fall too far behind.

    One recommendation toward that end would be if you provided a sample command/shell script that an admin could run to do the equivalent upgrade and clean that the auto-updater does if they want to trigger it manually at a time of their choosing. That way you are providing advice for good maintenance.

    • I understand where you are coming from, Arthur. Servers are different. This tutorial is focused on desktop users. Even in that case, it would be nice to have regular system snapshots to restore in case things go wrong.

    • Probably just better to disable all updates and write a script that manually updates specific things, like security updates in one script, software updates in another, system updates/upgrades in another, and then another that does all of them.

      That way you can run it whenever you’re confident you’re ready to deal with the potential disaster, like over a long weekend or just before holiday breaks.

  • As Matt wrote, neither of these two ways you document here work all of the way, Abhishek. Ubuntu will go on and notify you that updates and/or upgrades are available and warn you and want to install them. This has been the case for several of the last major releases of Ubuntu. It may not automatically install them, but it will check for them.