On 11/12/2023 06:12, Charles Curley wrote:
Sorry. I had already stopped the apt-daily-upgrade.timer, which triggers the unattended upgrade service. (The couldn't give them similar names to act as a mnemonic?) This refers to disabling the unattended upgrade service.
I have not tested it, but from unit and scripts content my impression is that apt-daily-upgrade.service may apply security updates even when the unattended-upgrades package is not installed. Despite apt-daily-upgrade.timer is enabled out of the box, without unattended-upgrades, the service does nothing in default configuration. There are apt.conf settings to enable/diable upgrades.
As to "systemctl mask UNIT.service", the valid use case is suppressing a service that may be activated through D-Bus. The price is noise in logs on each attempt to invoke a D-Bus method. I am unsure if D-Bus specs allows to hide a D-Bus .service file (do not confuse with systemd services) installed by some package.
Usually it is enough to "systemdctl disable --now UNIT" for a .timer or a .socket that may cause activation of the service.
I assume unit dependencies and preventing accidental start from command line are rather specific use cases.