Keeping all computer systems up-to-date is an essential cornerstone of keeping them safe and secure, and is also required by university regulations. This guide explains how SCI IT keeps Linux hosts (desktops and interactive servers) up to date via an automatic process, and how users can have control over how it works.
Auto-updates
Auto-updates is a means by which Linux machines identify when an update is needed and then update themselves if so. There are three variables that control this:
- how long is “too long” since the machine was last patched (default: 30 days)
- when an appropriate time to perform a system upgrade (default: Wednesday and 3am, MTZ)
- how much advanced warning users are given before the update happens (default: 5 days)
The way it works is that each Linux machine in SCI, once a day, checks whether it’s been “too long” since the last package upgrade, and if so, it schedules an auto-update for the next suitable window (making sure that enough advance warning is given). Once an update is scheduled, a warning is displayed when logging into the machine, with additional Slack/email notifications being sent out (if configured for that machine). When the window arrives, the system upgrades the operating system and possibly reboots (if needed).
Note, you can always check the update status of a host by running the command /local/bin/update-localhost --check. For example:
[@yourmachine] ~ > update-localhost --check
Auto-update policy:
Max age before auto-update: 30 days
Min delay before scheduling: 5 days
Preferred schedule: wednesday at 03:00
Current status:
Last upgrade: 2026-04-27 09:46:12 (9 days ago)
Reboot currently needed: no
Scheduled auto-update:
Host is up to date (21 days until auto-update)
[@yourmachine] ~ >What if the update comes at an inconvenient time?
With the advance notification, users should have plenty of warning before a system patches or reboots. If the timing of this process is inconvenient for whatever reason, there are a couple of things you can do:
- have a power user (see below) for that system preemptively update the machine, either by running an update cycle manually or scheduling one before the auto-update runs
- contact SCI IT and have us work with you to find a good time for the system to be updated
Power Users
SCI IT can grant the ability for certain users to control the update cycle on a machine. Usually this is the owner of a Linux desktop system or a research group representative. If you feel that you should be a power user for a system, please contact your IT Liaison or SCI IT.
Tuning auto-update preferences
Power users can edit /local/etc/auto-update.conf to change when auto-updates run and how notifications are delivered. Simply use sudoedit — sudo opens the file in your preferred editor with the right privileges: sudoedit /local/etc/auto-update.conf.
Fields you can change:
UPDATE_DAY– preferred day of the week for updates (e.g.,wednesday)UPDATE_TIME– preferred time of day in 24-hourHH:MMformatREBOOT_AFTER_UPDATE–trueorfalse— reboot after update if neededNOTIFY_EMAIL– Comma-separated email addresses to also notifyNOTIFY_SLACK– Additional Slack channel(s) to also notifyMOTD_WARNING_DAYS–how many days before to show a warning (in motd) before a scheduled update
Changes take effect at the next daily scheduler check (typically midnight). Some limits (e.g., maximum allowed age between
updates) are set by SCI IT policy and can’t be loosened or made longer in the config file.
Running updates manually
Power users can also run /local/bin/update-localhost to update a host outside of the regular cycle (either immediately or scheduled in the future); this can be used to postpone the next auto-update or to just pick up new software updates if desired. Please run /local/bin/update-localhost --help for more details.