YUM (Yellowdog Updater, Modified) is the RPM-based package manager used on many Linux servers (CentOS, RHEL, AlmaLinux, Rocky Linux). It resolves dependencies, fetches packages from repositories, and automates installs, updates, and removals.
On RHEL 8+ derivatives, “yum” is a compatibility wrapper for DNF, but commands remain largely the same. If you’re running a Linux server, understanding YUM on Linux is essential.
This guide explains how YUM works, the most useful YUM commands, repository configuration, automation, security updates, and troubleshooting.
I’ll also share production tips from years of managing fleets of CentOS/RHEL servers and how we apply these practices on YouStable cloud VPS.
What is YUM and How it Works?
YUM is a high-level front end for RPM. Instead of manually resolving dependencies and downloading packages, you instruct YUM, and it reads repository metadata, computes dependency trees, and performs transactions safely.
It logs history, verifies GPG signatures, and keeps caches to speed up repeated operations. On RHEL 8+ and modern clones, YUM is a symlink/compat layer to DNF.
Your familiar yum commands still function, but the backend is DNF (libdnf), offering stronger dependency solving and better performance. On CentOS 7 and earlier, YUM is native.
Core Concepts: RPM, Repositories, Metadata, and GPG
RPM packages contain software binaries, scripts, and metadata. Repositories are web-accessible locations hosting RPMs plus repodata: package lists, checksums, and dependency info that YUM uses to solve installs and updates. GPG keys are used to verify package integrity, preventing tampered or unsigned packages from being installed.
Essential YUM Commands You’ll Use Daily
Update the System
Always refresh metadata, then bring packages up to date. On production, schedule maintenance windows before kernel or major updates.
# Update repo metadata
sudo yum makecache
# Update all packages (may include kernel)
sudo yum update
# Show what would change (dry run)
sudo yum update --assumenoSearch and Inspect Packages
# Find packages
sudo yum search nginx
# Detailed information about a package
sudo yum info nginx
# List available updates
sudo yum list updatesInstall, Remove, and List Packages
# Install a package
sudo yum install nginx
# Remove a package
sudo yum remove nginx
# List installed packages
sudo yum list installed
# Verify which package owns a file
sudo yum provides /usr/sbin/semanageGroup Operations
YUM groups let you install a curated set of packages for a role (e.g., “Development Tools”).
# Show groups
sudo yum group list
# Install a group
sudo yum groupinstall "Development Tools"Cleaning Caches
# Clear metadata and package caches
sudo yum clean all
# Rebuild cache after cleaning
sudo yum makecache fastConfiguring YUM Repositories
Repositories live in /etc/yum.repos.d/ as .repo files. Each repo has an ID, baseurl or mirrorlist, and GPG settings. Edit or add files carefully and keep backups before changes.
Create or Edit a Repo File
sudo vi /etc/yum.repos.d/custom.repo
[custom-app]
name=Custom App Repo
baseurl=https://repo.example.com/rpm/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://repo.example.com/keys/RPM-GPG-KEY-customEnable or Disable Repositories
# Requires yum-utils on CentOS 7
sudo yum install -y yum-utils
# Enable a repo
sudo yum-config-manager --enable epel
# Disable a repo
sudo yum-config-manager --disable epel
# Temporarily use a repo for a single transaction
sudo yum --enablerepo=epel install htopAdd EPEL (Popular Extra Packages)
EPEL supplies many high-quality extra packages maintained by Fedora. It’s safe and common on CentOS/RHEL servers.
# CentOS/RHEL 7
sudo yum install -y epel-release
# Verify and use
sudo yum repolist
sudo yum install htopGPG Keys and Security
Keep gpgcheck=1. Import official vendor GPG keys, and never set gpgcheck=0 in production. This protects against unsigned or tampered packages.
# Example: import a vendor GPG key
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7YUM vs DNF: What’s Different and What Stays the Same
On RHEL 8+/AlmaLinux/Rocky, yum is a wrapper for dnf. Most commands are identical, but DNF’s dependency solver is faster and more reliable. If you see dnf in documentation, you can usually substitute yum on these systems without changing behavior.
Command Parity Highlights
- yum update ≈ dnf upgrade
- yum install pkg ≈ dnf install pkg
- yum remove pkg ≈ dnf remove pkg
- yum groupinstall “Dev Tools” ≈ dnf groupinstall “Dev Tools”
- yum history ≈ dnf history (with more details in DNF)
If you’re standardizing across mixed fleets (CentOS 7 and Rocky/Alma 8/9), document both terms to avoid confusion.
Advanced YUM for Production Servers
Pin or Lock Package Versions
Stability matters. Use version locks to prevent surprise upgrades of critical components like the kernel, MySQL, or Nginx.
# Install versionlock plugin (CentOS 7)
sudo yum install -y yum-plugin-versionlock
# Lock current nginx version
sudo yum versionlock add nginx
# List and remove locks
sudo yum versionlock list
sudo yum versionlock delete nginxUse History to Audit or Roll Back
# View transactions
sudo yum history
# Roll back a transaction ID if safe
sudo yum history undo <ID>Rollback works best for simple transactions. For kernel or core library changes, plan a full rollback strategy and snapshots.
Download-Only and Offline Installs
# Download RPMs without installing (CentOS 7)
sudo yum install --downloadonly --downloaddir=/tmp/rpms nginxThis is helpful for air-gapped servers or building golden images.
Performance: Mirrors and Cache
- Enable fastestmirror to pick quicker mirrors.
- Tune metadata_expire to reduce frequent metadata downloads.
- Keep a local caching proxy (Squid) for large fleets.
# In /etc/yum.conf
fastestmirror=1
metadata_expire=6hProxy Support
# In /etc/yum.conf
proxy=http://proxy.example.com:3128
proxy_username=user
proxy_password=secretAutomating Updates and Applying Security Fixes
Unattended Updates with yum-cron
For CentOS/RHEL 7, yum-cron can auto-apply updates or send notifications. For RHEL 8+/clones, use dnf-automatic.
# CentOS/RHEL 7
sudo yum install -y yum-cron
sudo systemctl enable --now yum-cron
# Configure behavior
sudo vi /etc/yum/yum-cron.confSecurity-Only Updates
On RHEL/CentOS with security metadata, you can restrict updates to security advisories. Note: some rebuilds may lack complete security metadata.
# Security advisories only (CentOS/RHEL 7 with plugin)
sudo yum --security update
# Minimal required security updates
sudo yum --security update-minimalKernel Updates and Reboots
Kernel updates require a reboot to take effect. In maintenance windows, pair updates with controlled reboots and health checks. Tools like kexec or live patching may reduce downtime, but coordinate with your SRE process.
Troubleshooting YUM
Fix Stale Metadata or Incomplete Transactions
# Clear everything and retry
sudo yum clean all
sudo yum makecache
# Resolve interrupted transactions
sudo yum-complete-transactionDependency Conflicts
- Disable conflicting repos temporarily: –disablerepo=<id>
- Exclude risky packages in /etc/yum.conf: exclude=kernel* mysql*
- Lock versions with yum-plugin-versionlock.
Repository Unavailable or GPG Errors
- Check network and proxy settings.
- Verify baseurl/mirrorlist and GPG key URLs in repo files.
- Confirm system time (TLS fails if the clock is wrong).
RHEL Subscription Issues
On RHEL, ensure entitlements are active and correct repositories are enabled with subscription-manager. Without active repos, YUM/DNF won’t find packages.
Real-World Use Cases on YouStable VPS
Provisioning Minimal Images
On YouStable VPS, we recommend starting with a minimal CentOS/Alma/Rocky image and installing only what you need via YUM. This reduces the attack surface and speeds up patch cycles.
Controlled Update Policy
Pin critical components, apply security updates weekly, and schedule full updates monthly. For clusters, roll updates node-by-node to maintain uptime. Our infrastructure team follows the same pattern across production fleets.
Rollback and Recovery Plan
Before major updates, take snapshots (or images) of your YouStable VPS. If an update breaks an application, use yum history undo when appropriate, or revert to the snapshot to restore service quickly.
Best Practices Checklist
- Keep gpgcheck=1 and import correct vendor keys.
- Use stable, verified repositories (EPEL, vendor-provided repos).
- Document enabled repos and lock critical package versions.
- Automate security updates; schedule full updates in maintenance windows.
- Test updates in staging before production rollout.
- Snapshot or back up before major changes.
- Monitor with alerts for update failures or repo outages.
FAQ’s: YUM on Linux Servers
Is YUM the same as RPM?
No. RPM installs individual packages but doesn’t resolve dependencies automatically. YUM is a higher-level tool that uses RPM under the hood while handling dependency resolution, repositories, and transactions for you.
Is it safe to run “yum update” on production?
Yes, when planned properly. Take a snapshot, review changes with “yum update –assumeno,” apply during maintenance windows, and reboot if kernels or core libraries change. Consider version locks for critical components.
How do I roll back a bad update?
Use “yum history” to identify the transaction and “yum history undo <ID>” to revert if safe. For complex updates (kernels, glibc, database engines), revert to a pre-update snapshot for reliability.
How do I list only security updates?
On CentOS/RHEL 7 with security metadata and plugins, run “yum –security list updates” or “yum –security update.” On some rebuilds, security metadata may be partial; verify your distro’s support before relying on it.
What’s the difference between YUM and DNF?
DNF is the next-generation package manager that replaced YUM on RHEL 8+. It offers improved dependency solving and performance. The “yum” command on these systems calls DNF, so most workflows and syntax remain the same.
Mastering YUM on Linux gives you confident control over software on your servers. Whether you run a single VPS or a fleet, following the practices above—combined with the reliable infrastructure at YouStable—keeps your stack secure, current, and predictable.
