prevent user from updating packages in Ubuntu

Question

I have a TX2 that I'm using a custom carrier board with. The BSP for this board is flashed onto the TX2, rather than one directly from NVIDIA. There have been issues when user have attempted to do a package list update ie apt-get upgrade. and I would like to disable the ability for users to run the upgrade command. My first thought was to create an alias with the same name, but I can't create a multi-word alias.

So is there a way to disable the ability for users utilize .

The setup is a single log in for all users. They need root access for everything else, so I can't limit the user privileges, but I do not want them being able to upgrade the package lists.

Answer 1

You can't really disable 'upgrade' while still allowing users to use 'install'. Either they'll become unable to install newer packages due to non-upgraded libraries, or apt itself will upgrade the packages during installation. (Indeed even apt-get install your_package will upgrade it if a newer version is not available.)

There are a few ways you can avoid the upgrade of specific packages:

• Use apt-mark hold your_package.

• Use /etc/apt/preferences ("apt-pinning") to give priority to one repository over another, regardless of package version.

• Manage your own package repository which only has your hand-picked packages.

• Make sure the package isn't in the repositories at all – that way there won't be anything to upgrade it to. If you've customized an existing package, give it a different name than the original.

• Make sure your package always has a higher version, be it 9999.99.9-9 or something.

• Install the files without using a package.