How to Stop Services From Starting at Install on Debian

During a previous Debian post I said (regarding installing new services):

I prefer debian defaulted to disabled.  There are ways to prevent this behavior using systemd presets, but we’ll leave that for another day.

Today is that day.

On Debian, if you install a new package (for example, the MariaDB database server), it will be set to enabled (start at boot) and started immediately.

Whether this is a good thing or a bad thing depends on your personal philosophy.

The case for Debian’s way is that you installed the package, so evidently you want to use it.  The majority case (probably by an overwhelming majority) is that people want to install MariaDB and use it.  If it’s not enabled and started, people have to type extra commands.  Since most people don’t want to do that and people who prefer the opposite approach (not enabled), the minority should bear the burden of extra typing to get a less popular option.

The alternate view is that it’s good security package to not start services by default.  RHEL/Fedora takes this approach, and so do the BSDs.  Just installing the package does not necessarily mean you want to run the service.  For example, you might only want a piece of the software or the man pages.  Also, you may want to run it, but not right now – you might be staging something.  Also, Debian does not auto create firewall rules for you, so while ‘apt install nginx’ will install the webserver, it may still be useless out of the box.

Which way you go, as I said, is philosophy.

If you do decide you’d rather packages weren’t enabled and started at install, it’s a one-liner to stop it.  Just type:

echo 'disable *' >> /usr/lib/systemd/user-preset/90-systemd.preset

This uses systemd’s preset system to set a policy that says “all packages disabled by default”.

Please follow and like us: