Open Ticket 
+373 79 600002 
Telegram Live Chat 
F.A.Q 
English
Русский 
Română 
Deutsch 
Français 
Türkçe 
Español 
Português 
Українська 
български 
Polski 
Indonesia 
中文 (中国) 
Linuxapt vs yum: Linux Package Management Explained for System Administrators
Linux package management is the mechanism by which software is installed, updated, configured, and removed on a Linux system. apt (Advanced Package Tool) handles `.deb` packages on Debian-based distributions such as Ubuntu and Linux Mint, while yum (Yellowdog Updater Modified) manages `.rpm` packages on Red Hat-based systems including CentOS and RHEL. Both tools abstract the complexity of dependency resolution, repository interaction, and package integrity verification — but they are architecturally distinct and not interchangeable.
Understanding which tool governs your system is not optional knowledge. It directly affects how you provision servers, automate deployments, write configuration management scripts (Ansible, Chef, Puppet), and maintain security patch cycles in production environments.
What Is a Linux Package Manager
A package manager is a collection of software tools that automates the full lifecycle of software on a Linux system: fetching packages from remote repositories, verifying cryptographic signatures, resolving and installing dependency chains, executing pre/post-install scripts, and registering the installation in a local package database.
The package database is critical and often overlooked. On Debian-based systems, it lives at `/var/lib/dpkg/`. On RPM-based systems, it resides in `/var/lib/rpm/`. Both databases maintain the authoritative record of what is installed, at what version, and with what file ownership — making them the backbone of system auditing and rollback operations.
Package managers interact with repositories — remote servers hosting curated collections of compiled, signed packages. The repository metadata (package lists, checksums, GPG keys) is synchronized locally before any installation occurs, which is why `apt update` or `yum check-update` must precede installation commands in automated scripts.
apt: Advanced Package Tool for Debian-Based Systems
apt is the high-level command-line interface for package management on Debian, Ubuntu, Linux Mint, Pop!_OS, and all derivatives. It operates on top of the lower-level `dpkg` tool, which handles the actual `.deb` package installation. Think of `dpkg` as the engine and `apt` as the intelligent driver that knows where to fetch fuel and in what order to burn it.
The apt Toolchain in Depth
The apt ecosystem includes several binaries that serve distinct purposes:
- `apt` — the modern, recommended interactive CLI (introduced in Ubuntu 14.04 / Debian 8)
- `apt-get` — the older, scriptable backend; preferred in shell scripts due to its stable output format
- `apt-cache` — queries the local package cache for metadata, descriptions, and dependency graphs
- `dpkg` — the low-level package installer; used directly when installing a local `.deb` file with `dpkg -i package.deb`
- `apt-mark` — marks packages as held, auto-installed, or manually installed
Core apt Commands with Technical Context
Update the local package index:
“`bash
sudo apt update
“`
This fetches updated metadata from all configured repositories in `/etc/apt/sources.list` and `/etc/apt/sources.list.d/`. It does not install or upgrade anything. Running this before any install operation is mandatory — skipping it means you may resolve to outdated package versions or miss security patches.
Upgrade installed packages:
“`bash
sudo apt upgrade
“`
Upgrades all packages for which a newer version exists, but will not remove any currently installed package or install a new package to satisfy a dependency. For a more aggressive upgrade that handles dependency changes:
“`bash
sudo apt full-upgrade
“`
`full-upgrade` (formerly `dist-upgrade`) will install new dependencies and remove conflicting packages as needed. Use it with caution on production systems.
Install a package:
“`bash
sudo apt install package_name
“`
To install multiple packages in a single transaction:
“`bash
sudo apt install nginx curl git
“`
Combining installs into one command is more efficient because apt resolves the full dependency graph once rather than repeatedly.
Remove a package (preserve configuration files):
“`bash
sudo apt remove package_name
“`
Purge a package (remove binaries and configuration files):
“`bash
sudo apt purge package_name
“`
Always prefer `purge` over `remove` when decommissioning a service. Leftover configuration files from `remove` can cause unexpected behavior if the package is reinstalled later.
Remove orphaned dependencies:
“`bash
sudo apt autoremove
“`
This is frequently neglected and leads to dependency bloat over time. Incorporate it into your regular maintenance workflow.
Search for a package:
“`bash
apt search package_name
“`
Inspect package details before installing:
“`bash
apt show package_name
“`
This reveals the package version, installed size, dependencies, and the maintainer — useful before pulling in an unfamiliar package.
Hold a package at its current version (critical for production stability):
“`bash
sudo apt-mark hold package_name
“`
This prevents `apt upgrade` from touching the package. Essential when you are running a specific kernel version or a pinned application release.
Real-World apt Use Case: Provisioning a Web Server on Ubuntu
“`bash
sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx
sudo systemctl enable nginx
sudo systemctl start nginx
“`
The `-y` flag suppresses the confirmation prompt, which is required for non-interactive provisioning scripts. Always pair this with `apt update` in the same script block to guarantee you are installing from current repository metadata.
yum: Yellowdog Updater Modified for RPM-Based Systems
yum is the package manager for Red Hat Enterprise Linux (RHEL), CentOS 7, and older Fedora releases. It manages `.rpm` packages and sits on top of the RPM database. Like apt over dpkg, yum provides dependency resolution and repository management on top of the raw `rpm` command.
Critical architectural note: On CentOS 8+, RHEL 8+, and all modern Fedora releases, yum has been superseded by dnf (Dandified YUM). On these systems, the `yum` command is typically a symbolic link or alias to `dnf`. If you are managing any system running RHEL/CentOS 8 or later, you should be writing `dnf` commands. The command syntax is largely compatible, but dnf offers significantly better dependency resolution, a cleaner API, and modular repository support.
Core yum Commands with Technical Context
Check for available updates without applying them:
“`bash
sudo yum check-update
“`
This is particularly useful in automated monitoring scripts to detect whether a system is behind on patches without triggering an upgrade.
Apply all available updates:
“`bash
sudo yum update
“`
Unlike `apt upgrade`, `yum update` will also install new dependency packages as needed. There is no separate `full-upgrade` equivalent — yum handles this by default.
Install a package:
“`bash
sudo yum install package_name
“`
Remove a package:
“`bash
sudo yum remove package_name
“`
Note: yum's remove operation can sometimes cascade and remove dependent packages. Always review the transaction summary before confirming.
Search for a package:
“`bash
yum search package_name
“`
Inspect package information:
“`bash
yum info package_name
“`
List installed packages:
“`bash
yum list installed
“`
Clean the local cache:
“`bash
sudo yum clean all
“`
Clears cached package data and metadata. Run this when you suspect stale repository data is causing resolution failures.
Hold a package at its current version:
“`bash
sudo yum versionlock add package_name
“`
Requires the `yum-plugin-versionlock` plugin. The equivalent of `apt-mark hold`, this is essential for maintaining stable production environments where a specific package version must not be touched by automated updates.
Real-World yum Use Case: Deploying Apache on CentOS 7
“`bash
sudo yum install -y httpd
sudo systemctl enable httpd
sudo systemctl start httpd
sudo firewall-cmd –permanent –add-service=http
sudo firewall-cmd –reload
“`
A common mistake is installing Apache and forgetting to open the firewall. On CentOS/RHEL systems, `firewalld` is active by default and will silently block HTTP traffic even if the service is running.
apt vs yum: Direct Comparison
| Feature | apt (Debian/Ubuntu) | yum / dnf (RHEL/CentOS/Fedora) |
|---|
| — | — | — |
|---|
| Package format | `.deb` | `.rpm` |
|---|
| Underlying tool | `dpkg` | `rpm` |
|---|
| Primary distributions | Debian, Ubuntu, Mint, Pop!_OS | RHEL, CentOS, Fedora, AlmaLinux, Rocky Linux |
|---|
| Successor / modern CLI | `apt` (replaced `apt-get` for interactive use) | `dnf` (replaced `yum` on RHEL 8+) |
|---|
| Dependency resolution | Automatic, handles conflicts | Automatic; dnf is more robust than yum |
|---|
| Repository configuration | `/etc/apt/sources.list`, `/etc/apt/sources.list.d/` | `/etc/yum.repos.d/*.repo` |
|---|
| Package hold mechanism | `apt-mark hold` | `yum versionlock` (plugin required) |
|---|
| Local package install | `dpkg -i file.deb` | `rpm -i file.rpm` or `yum localinstall` |
|---|
| Cache management | `apt clean`, `apt autoclean` | `yum clean all` |
|---|
| Orphan removal | `apt autoremove` | `yum autoremove` (dnf handles this better) |
|---|
| Transaction history | Limited | Full transaction history with rollback via `yum history` |
|---|
| Module streams | Not natively supported | Supported in dnf (Application Streams) |
|---|
| GPG signature verification | Yes | Yes |
|---|
| Scripting-friendly flag | `-y` (non-interactive) | `-y` (non-interactive) |
|---|
dnf: The Modern Successor to yum
If you are managing any RHEL 8+, CentOS Stream, AlmaLinux, Rocky Linux, or Fedora system, dnf is your package manager. The transition from yum to dnf is not cosmetic — dnf resolves a number of long-standing architectural problems in yum:
- Dependency resolution: dnf uses the `libsolv` library, which is significantly faster and more accurate than yum's resolver
- API stability: dnf exposes a stable Python API for scripting and automation
- Module streams: dnf supports Application Streams, allowing multiple versions of the same software (e.g., PHP 7.4 and PHP 8.1) to coexist in repositories
- Transaction rollback: `dnf history undo <id>` allows you to roll back a specific transaction — a capability with no direct equivalent in apt
Key dnf commands that differ from yum:
“`bash
Install a module stream (e.g., PHP 8.1)
sudo dnf module enable php:8.1
sudo dnf install php
Roll back the last transaction
sudo dnf history undo last
Check which package provides a specific file
sudo dnf provides /usr/bin/python3
“`
Repository Management: A Critical Operational Skill
Both apt and yum/dnf are only as useful as the repositories they are configured to use. Misconfigured or untrusted repositories are a significant security risk.
On Debian/Ubuntu, add a third-party repository safely:
“`bash
Import the GPG key
curl -fsSL https://example.com/gpg.key | sudo gpg –dearmor -o /usr/share/keyrings/example-archive-keyring.gpg
Add the repository with key reference
echo "deb [signed-by=/usr/share/keyrings/example-archive-keyring.gpg] https://repo.example.com/apt stable main" | sudo tee /etc/apt/sources.list.d/example.list
sudo apt update
“`
On RHEL/CentOS, add a repository:
“`bash
sudo yum-config-manager –add-repo https://repo.example.com/centos/example.repo
Or manually create /etc/yum.repos.d/example.repo
“`
Security principle: Never add a repository without verifying its GPG key independently. A compromised repository can push malicious packages that will be installed with root privileges.
Choosing the Right Package Manager for Your Server Environment
The package manager you use is dictated by your Linux distribution — you do not choose apt or yum independently. What you do choose is your distribution, and that decision has downstream consequences for package availability, enterprise support contracts, security patch cadence, and tooling compatibility.
- Ubuntu LTS (apt): Best choice for general-purpose VPS Hosting workloads, web servers, and developer environments. Long-term support releases receive 5 years of security updates, extendable to 10 with Ubuntu Pro.
- RHEL / AlmaLinux / Rocky Linux (dnf): The standard for enterprise production environments, particularly when running on Dedicated Servers that require certified software stacks, compliance frameworks (PCI-DSS, HIPAA), or ISV-supported application deployments.
- Debian Stable (apt): Extremely conservative package versions, making it ideal for servers where stability is prioritized over cutting-edge software. Commonly used for long-running database and mail servers.
- CentOS Stream / Fedora (dnf): Suitable for development and staging environments where you want to track upstream RHEL changes before they land in stable releases.
When deploying a control panel like cPanel, the underlying package manager matters significantly. cPanel officially supports AlmaLinux, Rocky Linux, and CloudLinux — all dnf-based. If you are using a VPS with cPanel, you will be working within a dnf environment on modern deployments.
For environments where you need a graphical or web-based interface to manage packages and server configuration without dropping to the command line, explore VPS Control Panels that abstract package management into a UI while still leveraging apt or dnf under the hood.
Security Hardening Through Package Management
Package managers are a primary attack surface for supply chain attacks. These practices are non-negotiable on any internet-facing server:
- Enable automatic security updates — On Ubuntu: `unattended-upgrades` package. On RHEL/CentOS: `dnf-automatic` with `apply_updates = yes` in `/etc/dnf/automatic.conf`.
- Verify GPG signatures — Never disable GPG checking (`–nogpgcheck` in yum/dnf or `–allow-unauthenticated` in apt) outside of isolated lab environments.
- Audit installed packages regularly — Use `dpkg -l` or `rpm -qa` to generate a full package manifest. Diff this against a known-good baseline.
- Remove unnecessary packages — Every installed package is an attack surface. Run `apt autoremove` or `dnf autoremove` after major deployments.
- Pin critical packages — Use `apt-mark hold` or `dnf versionlock` to prevent unintended upgrades of packages like the kernel, OpenSSL, or database engines on production systems.
If you are running a mail server or hosting email infrastructure, keeping packages like Postfix, Dovecot, and their TLS dependencies current is especially critical. Pair rigorous package management with properly configured SSL Certificates to maintain encrypted transport security. Similarly, web hosting environments managed through Shared Web Hosting platforms benefit from the hosting provider maintaining underlying package security, but understanding the package layer remains valuable for debugging and custom configuration.
Practical Decision Matrix and Key Takeaways
Before running any package management command on a production system, work through this checklist:
Pre-operation checklist:
- Confirm which distribution and version you are running: `cat /etc/os-release`
- Confirm the correct package manager: `which apt` or `which dnf` or `which yum`
- On apt systems: always run `sudo apt update` before `apt install` or `apt upgrade`
- On yum/dnf systems: `sudo yum check-update` or `sudo dnf check-update` before upgrades
- Review the transaction summary before confirming any install or remove operation
- For production servers: test package upgrades on a staging environment first
- After major upgrades: verify service status with `systemctl status <service>`
- After removing packages: run `apt autoremove` or `dnf autoremove` to clean orphans
Architecture decisions:
- Use `apt full-upgrade` instead of `apt upgrade` only when you understand and accept that packages may be removed
- Use `dnf` instead of `yum` on any system running RHEL 8 / CentOS 8 or later
- Use `apt-get` (not `apt`) in shell scripts and CI/CD pipelines for stable, parseable output
- Use `yum versionlock` or `apt-mark hold` before any automated update pipeline touches a production server
- Never add third-party repositories without importing and verifying their GPG keys
FAQ
What is the difference between apt and apt-get?
`apt` is the modern, user-facing command introduced to consolidate `apt-get` and `apt-cache` into a single tool with cleaner output and a progress bar. `apt-get` remains available and is preferred in scripts because its output format is guaranteed stable across versions. For interactive terminal use, `apt` is the current standard.
Can I use apt on a CentOS or RHEL server?
No. apt is exclusively for Debian-based systems and manages `.deb` packages. CentOS and RHEL use the RPM package format, managed by yum or dnf. The package formats and databases are architecturally incompatible — there is no conversion layer.
What is the yum equivalent of apt autoremove?
`sudo yum autoremove` or `sudo dnf autoremove` removes packages that were installed as dependencies but are no longer required by any explicitly installed package. The dnf implementation is more reliable than the legacy yum version.
How do I prevent a specific package from being upgraded by apt or yum?
On apt-based systems: `sudo apt-mark hold package_name`. On yum/dnf systems: install the `yum-plugin-versionlock` plugin and run `sudo yum versionlock add package_name`, or on dnf: `sudo dnf versionlock add package_name`. Both mechanisms survive `upgrade` and `update` commands until explicitly released.
Is yum still relevant in 2024?
For CentOS 7 and RHEL 7 systems still in production, yes — yum remains the package manager. However, CentOS 7 reached end-of-life in June 2024. Any system still running CentOS 7 should be migrated to AlmaLinux 8/9 or Rocky Linux 8/9, both of which use dnf. Writing new automation scripts targeting yum exclusively is no longer advisable.