Getting automatic update notifications

Introduction

This article presents a safe way to get e-mail notifications when new updates are available on an Ubuntu server.

Intended readership

This document is intended for end users who want to be notified by e-mail when new updates are available on their Ubuntu server. The user is assumed to have basic knowledge of the Linux OS and of the command line, and to be able to edit files using nano or any other command line text editor.

Applicability statement

This document applies to Ubuntu Server Edition 6.10 & 7.04. It may also apply to other versions of this software or to other Linux distributions, but these have not been validated. The user must have access to administrative rights to perform the described actions.

In addition, the following requirements apply to this guide:

  • Package management system compatible with Debian or Ubuntu system (using dpkg and apt-get)
  • Cron-like automation (can be supported by a variety of services like anacron)
  • (optional) an SMTP server for sending e-mail outside.

Conventions

All user commands will be written in Courier New font, and will start with a '$' symbol that should not be reproduced when typing the commands. This symbol represents the SHELL prompt character. The commands will be given for a BASH syntax shell.

Concept

The idea of this article is to use a special user account (which will be somewhat protected) to check periodically for updates. It is based on the standard Ubuntu package management system and uses only programs from the Ubuntu main repository. It does not use programs from unsupported repositories (like universe or multiverse). E-mails are sent to a designated mailbox either locally or remotely (some restrictions might apply in the latter case; they will be described later on).

Guide

Dedicated user account

As said, a special user account, dpkg-user, is used to check for updates. It belongs to the group dpkg. Here are the commands to create this group and user. N.B. if you like, you can use other names.

$ sudo addgroup --system dpkg
$ sudo adduser --system --no-create-home --ingroup dpkg dpkg-user

The first command creates a system group. The second one creates a system user that belongs to this group and that no one can use to log in.

Update verification script

The dedicated user will need to launch a small program (a.k.a. script) to verify the presence of new updates. The verification script is pretty simple and one can create it with his favourite editor directly on the server using his normal account. The newly created file should contain the following code (you can create it in your home directory for the moment):

#!/bin/bash

apt-get -qq update && apt-get -qq --simulate dist-upgrade
exit $?

You can now save the file and give it the name update-verification.sh.

Here is what it does. The && between the two apt-get commands means that if the first command fails, the second command will not be launched. Now what do the commands themselves mean?

For a definition of the capabilities of apt-get, see the article on apt-get from the official Ubuntu documentation. Basically, the update parameter updates the list of available packages, whereas dist-upgrade performs the installation of new packages. However, because of the --simulate flag, it will not perform the installation but will print out the list of packages it would install. As for the -qq flag, it tells both commands to be extremely quiet. So in our case, when there is no update, both commands are mute.

Scheduled automation

To schedule the update verification script at regular intervals, Ubuntu offers a neat facility: cron. There are a few ways to use this facility. However, there is only one way to use cron for a dedicated user who is not the root user, and that is the crontab command.

First, the script should be placed somewhere better than the normal user's home directory and should be owned by the dedicated user.

$ sudo cp update-verification.sh /usr/local/sbin/
$ sudo chown dpkg-user:dpkg /usr/local/sbin/update-verification.sh
$ sudo chmod 0550 /usr/local/sbin/update-verification.sh

Now, it is time to set the scheduling for this script. You will need to verify that your favourite editor is set appropriately (cf. Tips section of Ubuntu Cron HowTo), then you can type the following command:

$ sudo -u dpkg-user crontab -e

This command tells sudo to use the account of dpkg-user to edit the crontab. This will effectively edit the dpkg-user cron definitions. To automate the script, a new line should be added. Two examples of this line follow, or you can create one yourself (cf. Ubuntu Cron HowTo).

Daily scheduling

Every day at 06:35, the command will be launched:

35 6 * * * /usr/local/sbin/update-verification.sh

Weekly scheduling

On the second day of each week (day 2 in cron's numbering, i.e. Tuesday) at 06:35, the command will be launched:

35 6 * * 2 /usr/local/sbin/update-verification.sh

Permission problems

Now everyone knows that on Ubuntu, one needs root privileges to use the apt-get commands. So how can dpkg-user call them without using sudo? As it stands now, the script will fail because permission will be denied to dpkg-user. To change this behaviour, the following commands have to be executed:

$ cd /var
$ sudo chgrp -R dpkg lib/{dpkg,apt} cache/apt
$ sudo chmod -R g+w  lib/{dpkg,apt} cache/apt

This gives members of the group dpkg write permission on the dpkg and apt directories under /var/lib, and on the apt directory under /var/cache. These directories hold package state that later apt-get and dpkg runs by root rely on, so keep dpkg-user as the only member of the group.

Warning: sometimes after an update performed using administrative privileges, the above directories might lose the privileges for the group dpkg.
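
The drift described in this warning can be detected with a short check. The function below is an added example, not part of the original guide: it lists every path under the three trees that is no longer group-owned by the expected group or has lost group write. The optional ROOT prefix and the MISSING/DRIFT labels are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit the group ownership and group-write bit that the
# chgrp/chmod commands of this guide set up.
#
# check_dpkg_perms GROUP [ROOT]
#   GROUP  group expected on the trees (the guide uses "dpkg")
#   ROOT   optional prefix placed before /var (assumption of this example,
#          empty on a real system; lets the check run against a copy)
# Prints one line per problem; returns 0 if clean, 1 if anything drifted.
check_dpkg_perms() {
    local group="$1" root="${2:-}" dir tree out drift=0
    for dir in lib/dpkg lib/apt cache/apt; do
        tree="$root/var/$dir"
        if [ ! -d "$tree" ]; then
            echo "MISSING $tree"
            drift=1
            continue
        fi
        # Symlinks are skipped: chgrp -R and chmod -R do not change them.
        # -perm -020 matches entries that have the group-write bit set.
        out=$(find "$tree" ! -type l \( ! -group "$group" -o ! -perm -020 \) -print)
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | sed 's/^/DRIFT /'
            drift=1
        fi
    done
    return "$drift"
}
```

Run as `check_dpkg_perms dpkg` after each manual upgrade; any DRIFT line means the chgrp and chmod commands above need to be applied again.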

E-mail notification

Notification by e-mail is pretty easy thanks to cron. Each crontab file can set the MAILTO environment variable. If it is set, any output from commands executed by cron will be sent to the intended recipient. So the crontab of dpkg-user has to be edited again:

$ sudo -u dpkg-user crontab -e

And a new line at the beginning of the crontab should be added:

MAILTO=user@server

The address user@server can stand for a local address (such as login-name@localhost) or an internet e-mail address (such as server@ubuntu.com). For the latter type of address, one needs to install a local SMTP server. SMTP server installation instructions can be found in the Ubuntu documentation.

foss/ubuntu/updatenotification.txt · Last modified: 2015/05/01 23:32 (external edit)