I am a sys admin newb, otherwise I would figure this out on my own. I have a slicehost slice and I noticed that there are a couple scripts that get run (the ones I mentioned in my question title) that look like they do system updating. I am wondering if that is not such a good idea to have these automatically run without supervision. The server runs an ecommerce site and any kind of upgrade that broke the server would be unfortunate. Please advise on best practice? Should I save those off somewhere and not have cron fire them unsupervised daily? What exactly are they doing? Thanks!


3 Answers


Short answer: both /etc/cron.daily/apt and /etc/cron.daily/aptitude are probably safe to leave enabled, and not causing you any unexpected upgrades.

Long answer:

/etc/cron.daily/aptitude on a default Hardy install just maintains a backup of your package state files in /var/backup as files named aptitude.pkgstates.0 through aptitude.pkgstates.6 (with files 1-6 being gzipped).

/etc/cron.daily/apt is more complex, and can do a variety of things based on your apt configuration settings, which are maintained in /etc/apt/apt.conf and the various include files under /etc/apt/apt.conf.d/

If you wonder if the daily apt script is performing unattended upgrades, check the output of this apt-config command. The following is default, and indicates that unattended upgrades are NOT being performed:

$ apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade

For more information on the "unattended upgrade" process (which I would NOT recommend for a production system), see /usr/share/doc/unattended-upgrades/README -- if that file is not present, you probably don't have the package "unattended-upgrades" installed.

The daily apt script at /etc/cron.daily/apt is well commented, and by default it runs an "apt-get update" every day. This simply keeps the cache of available package files current. It does not install or remove packages.

You CAN configure it to download updated package files which you can then manually install later, and you can configure it to clean up the downloaded package files (which are not needed after being installed).

All of this behavior is configured via the configuration settings stored in /etc/apt/apt.conf.d/10periodic -- these settings default to:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";

I'd recommend verifying those settings and reading through the scripts that are in place in /etc/cron.daily, but you probably do not currently have anything performing unattended and unexpected upgrades.

  • Wow! Fantastic feedback Jeff, thanks! I will try out your suggestions. – user18536 Sep 02 '09 at 04:47
  • Running apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade actually produces no output. Not sure how to interpret that result. Any ideas? – user18536 Sep 02 '09 at 04:55
  • Well, I looked through the apt script some more and it looks like it is just keeping the cache updated, as you said. I am not 100% confident about that, but nearly. – user18536 Sep 02 '09 at 05:00
  • If "apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade" returns no output, then the /etc/cron.daily/apt script will use its internally specified default value for that variable, which is 0, meaning no unattended upgrades should be initiated by that script. – jeff Sep 02 '09 at 05:04
  • Ok, thanks for the info Jeff. That gives me confidence. – user18536 Sep 03 '09 at 05:21
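
Added example (not part of the answer above or its comments, and not taken from the /etc/cron.daily/apt script): a small audit that reads the flat APT::Periodic settings from a conf directory and reports what the daily job is set to do. The function names, the scratch directory and the `99local` override file are constructed for illustration, and treating an unset key as 0 is an assumption based on the comment above about Unattended-Upgrade.

```shell
#!/bin/sh
# Added example. Handles only the flat 'APT::Periodic::Key "value";' form
# shown above, not nested 'APT::Periodic { ... };' blocks.

# Effective value of APT::Periodic::<key> across the files in <dir>;
# files are read in name order and a later file overrides an earlier one.
periodic_value() {
    dir=$1; key=$2; value=
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        v=$(sed -n "s|^[[:space:]]*APT::Periodic::${key}[[:space:]]*\"\\([^\"]*\\)\";.*|\\1|p" "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "${value:-unset}"
}

# A setting is active unless it is unset or "0" (assumption: unset means 0,
# as stated above for Unattended-Upgrade).
is_on() { case $1 in unset|0) return 1 ;; *) return 0 ;; esac; }

# What the daily job will do: installs, downloads-only, lists-only or idle.
apt_daily_behaviour() {
    if is_on "$(periodic_value "$1" Unattended-Upgrade)"; then echo installs
    elif is_on "$(periodic_value "$1" Download-Upgradeable-Packages)"; then echo downloads-only
    elif is_on "$(periodic_value "$1" Update-Package-Lists)"; then echo lists-only
    else echo idle; fi
}

# Constructed sample: a scratch directory holding the default 10periodic.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/10periodic" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
echo "defaults: $(apt_daily_behaviour "$sample")"
# Constructed override file (hypothetical name), sorting after 10periodic.
printf 'APT::Periodic::Unattended-Upgrade "1";\n' > "$sample/99local"
echo "with override: $(apt_daily_behaviour "$sample")"
rm -rf "$sample"
```

On a real host, `apt_daily_behaviour /etc/apt/apt.conf.d` gives the same classification for the include files; settings placed directly in /etc/apt/apt.conf are not read by this sketch.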

That may not be enough info. You really have to read the scripts themselves to see what they are doing with that particular host. If they are indeed upgrading (vs just updating) you will definitely want to disable that on a production server. However, just an update is fine as it is only updating the local cache of available programs from the repository. Some hosts even override the default distribution (hardy) repos with their own for more control. So check them out, but any decent host won't be updating any core components automatically on you. Sorry I don't have any personal experience with SliceHost to share.

  • Thanks for the quick response Ryan. The apt script is fairly complicated. It references quite a few externally defined variables that I hope to not chase. Hopefully someone will weigh in who has experience on Ubuntu Hardy (and perhaps on slicehost). I appreciate your input though. I am hoping, like you, that it is only keeping downloaded packages fresh, but not installing them. – user18536 Sep 02 '09 at 04:45

Since I can't just edit stuff, and didn't like the scattered style here, I went ahead and asked and answered more systematically at this question.

Phil Miller