-3

Right after my login session, I would like Ubuntu to execute sudo apt-get update & apt-get dist-upgrade , systematically / automatically. The terminal must be opened so that I can see the output of each of these executions. In particular, I want to be asked to type "y/n" due to the command apt-get dist-upgrade. I don't want to have to type my password : thus, Ubuntu must use it as input of the sudo execution instead of me.

The modifications involved must be independant of any upgrade and migration of Ubuntu.

Question

Which bash file should I edit and in which way ?

JarsOfJam-Scheduler
  • 913
  • "In particular, I want to be asked to type "y/n" due to the command apt-get dist-upgrade" there is a command for that called "yes" in case you want it to automate the y. yes | apt dist-upgradde . Besides that: I consider this a bad way of doing this. – Rinzwind Aug 18 '18 at 17:48
  • DId you ever get this working? I have tested it on my machine... it's a nice little feature and actually gives more info and control than the auto-check process that would run anyway. – Joshua Besneatte Aug 19 '18 at 18:51
  • 1
    also, I am surprised at the down votes here... how is this any different (other than being way cooler) than having automatic updates enabled???? – Joshua Besneatte Aug 19 '18 at 18:55

2 Answers2

2

Sudo without password

You can tell sudo to let you execute commands without a password.

per the most upvoted answer here

Open terminal window and type:

sudo visudo

In the bottom of the file, type the follow:

$USER ALL=(ALL) NOPASSWD: ALL

You can also make it only allow apt to work without a password for just one user, and just for apt by adding this instead of the above:

username ALL = NOPASSWD: /usr/bin/apt

replacing "username" with your username. You may have to reboot for these changes to take effect.

I would highly recommend using the single user/app solution as this will be much more secure than allowing complete use off sudo without a password for all sudoers... This could be a SERIOUS security issue, esspecially if someone gained physical access to your computer. In general, if this computer contains sensitive data, you will want to forgo any kind of passwordless sudoing.

Run command on startup

  • GUi: In activities window search for "Startup" and run "Startup Applications" click the add button and create with the following command

OR

  • Command Line: add following command to the end of ~/.profile

The following command will open a terminal and run update:

gnome-terminal -- bash -c "sudo apt update && sudo apt dist-upgrade; read line"

Name and comment (gui) as you wish and save it. Now when you log in, a terminal will open and run your upgrade commands. You will not need to enter a password, but you will have to confirm the upgrade.

The window will then stay open until you press enter.

Now that you have this, you might want to go to Software & Updates and disable automatic checking for updates since this new script does it for you.

enter image description here

Joshua Besneatte
  • 4,773
  • 5
  • 23
  • 42
-1

This is easy enough, although I like to know what updates are applied so I prefer having the final say manually.

Anyway, the essential bit you need to know is how to run a sudo command from a script. That can be done using:

echo password | sudo -S

or with the longer explicit but equivalent version

echo password | sudo -u root --stdin

where password is your password, of course and the argument to -u is the user which is root in this case.

Then, note that your .profile bash script is run on logins. So in short, append the following commands to your .profile:

echo password | sudo -S apt-get update
echo password | sudo -S apt-get -y upgrade

where the -y flag to apt-get means answer yes to all questions. Your .profile should have been created when your account was made, but in case it's been deleted, you can copy the default from /etc/skel/.profile.

Finally, for security, you will probably want to chmod 600 .profile to protect your password.

Zanna
  • 70,465
Martin W
  • 2,545
  • 1
    Instead of putting a cleartext password into a shell script I'd recommend to add a file to /etc/sudoers.d which allows the user to issue sudo apt-get update without a password. – PerlDuck Aug 18 '18 at 15:19
  • @PerlDuck so I write the file .profile in /etc/sudoers.d/ ? Will it be recognized as .profile (and thus, executed right after the login) ? 2nd question : what is the best practice between that and chmod 600 .profile from Martin's answer ? – JarsOfJam-Scheduler Aug 18 '18 at 15:23
  • Yes, good idea! – Martin W Aug 18 '18 at 15:23
  • Btw, will the terminal be opened ? I would want to see the outputs of update and dist-upgrade. – JarsOfJam-Scheduler Aug 18 '18 at 15:25
  • @JarsOfJam-Scheduler No. Under no circumstance put .profile into /etc/sudoers.d. This might break your system because of improper syntax. Put a proper sudoers file there instead. – PerlDuck Aug 18 '18 at 15:29
  • @JarsOfJam-Scheduler: @PerlDuck is saying (correctly) that you need at add a sudo rule to allow your user (you probably) to execute apt-get without a sudo password. As long as you protect your .profile, the security risk should be minimal from the method that I suggested above. The main risk is that you accidentally unprotect this file and expose your password. Hence, the comment that @PerlDuck made about having a password in clear text. – Martin W Aug 18 '18 at 15:38
  • 1
    On your question above: if you login to your machine interactively (e.g. using ssh), the .profile will be sourced and you will see the output in your terminal. However, GDM will also source .profile at startup, so you will not see the results (not sure if that output will appear in the system journal, you would need to check). If you want to see output in some convenient location, you could redirect stdout and stderr into a file in the usual way. – Martin W Aug 18 '18 at 15:50
  • 2
    Do not put dist-upgrade into a script. That is asking for trouble. – Martin W Aug 18 '18 at 15:51
  • 1
    Remember to disable or uninstall unattended-upgrade to prevent lock conflicts and confusion. – user535733 Aug 18 '18 at 15:55
  • @MartinW I think the OP is asking for a Startup applications script that is run after login to the GUI. Just a guess. – PerlDuck Aug 18 '18 at 15:55
  • @PerlDuck: agreed, that would be another solution: put those same commands into an executable script and register that as a start-up application. In this solution, the commands would only be run automatically on GUI login. (Adding this additional info for the OP). Actually, I like this idea better than the .profile solution. – Martin W Aug 18 '18 at 16:00
  • 1
    @PerlDuck: here's another solution: use a systemd oneshot user script. It would start on login and exit after logout. – Martin W Aug 18 '18 at 19:00
  • Aside from the rest, we don't want the -y flag - OP wants to be asked to type y – Zanna Aug 20 '18 at 07:03