# yum

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/yum

## Quick definition

Yum is a tool that helps you install and manage software on Linux computers, especially those running Red Hat or CentOS. Think of it like an app store for your Linux system where you can search for programs, install them, and keep them updated. Instead of downloading files from websites, yum automatically finds the software and all its supporting parts from a central catalog called a repository.

## Simple meaning

Imagine you have a giant LEGO set with hundreds of different pieces scattered across many different boxes. To build a complex spaceship, you need specific pieces, but you don't know which box they are in or what other smaller pieces you might need to connect them. Yum is like an automated helper who knows exactly where every LEGO piece is stored, which pieces are required to build your spaceship, and even knows if you already have some of those pieces at home. When you tell yum 'I want to build a spaceship,' it looks at the central catalog (the repository), finds all the necessary LEGO pieces, checks if you need any supporting pieces you might not have thought of (dependencies), and then fetches every single piece in the correct order, placing them neatly on your workbench.


In technical terms, yum automates the process of retrieving, configuring, and installing software packages. On a Linux system, software often comes in packages that rely on other packages to function correctly. For example, a video player might need a specific codec library, which itself needs a sound library. Manually finding, downloading, and installing all of these would be time-consuming and error-prone. Yum solves this by connecting to configured online repositories that contain thousands of signed packages. It reads metadata from these repositories, resolves the complex web of dependencies automatically, downloads only the packages needed, and installs them in the right sequence. It also keeps your system consistent by preventing you from installing conflicting versions of software. This process makes system administration much simpler, especially when managing hundreds of servers, because administrators can rely on yum to maintain a predictable and stable software environment.

## Technical definition

Yum (Yellowdog Updater Modified) is a high-level package management utility for RPM (Red Hat Package Manager)-compatible Linux distributions, such as Red Hat Enterprise Linux (RHEL), CentOS, Fedora, and Rocky Linux. It acts as a front-end to the lower-level RPM tool, abstracting away the complexities of manual dependency resolution, package verification, and repository management. The core function of yum is to automate the retrieval, configuration, and installation of software packages by interacting with remote software repositories.


Yum operates using a client-server model. The client (yum command) reads configuration files located primarily in /etc/yum.conf and /etc/yum.repos.d/. These files define the locations of repositories, which are essentially directories or URLs containing RPM packages and their associated metadata. When a user issues a command like 'yum install httpd', the tool first updates its local cache of repository metadata by downloading files like repomd.xml, primary.xml.gz, and filelists.xml.gz. These metadata files contain checksums, package descriptions, dependency information, and file listings for every package in the repository.


Once the metadata is refreshed, yum resolves dependencies using a SAT (boolean satisfiability) solver algorithm. This algorithm evaluates all available packages and their inter-dependencies to determine the minimal set of packages required to satisfy the installation request without breaking existing dependencies on the system. It checks for required dependencies, recommends optional packages, and detects conflicts or obsoletes. After a valid solution is found, yum downloads the necessary RPM files, verifies their GPG signatures against trusted keys (usually stored in /etc/pki/rpm-gpg/), and hands them to the RPM tool for installation. RPM performs the actual low-level installation, writing files to the filesystem, running pre-install and post-install scripts, and updating the RPM database (/var/lib/rpm/).


Key components include the yum cache (/var/cache/yum/), which stores downloaded packages and metadata to speed up future operations; transaction history (/var/lib/yum/history/), which logs every installation, update, or removal for rollback purposes; and plugin support, which extends yum's functionality for tasks like security updates (yum-security) or accelerated downloads (yum-fastestmirror). Yum also supports features like package groups (logical collections like 'Development Tools'), delta RPMs for bandwidth-efficient updates, and protected packages to prevent accidental removal of critical system components. In modern RHEL-based systems, yum has been superseded by dnf (Dandified Yum), which uses the same underlying concepts but offers better performance and a more robust dependency resolver. However, the yum command still exists as a compatibility symlink to dnf in many current distributions to preserve backward compatibility for scripts and administrative practices.

## Real-life example

Think of yum like ordering a complete meal at a restaurant instead of cooking from scratch. If you wanted to make beef stew at home, you would need to go to the grocery store and buy beef, potatoes, carrots, onions, broth, and spices one by one. You would also need to own the right cookware and know the correct recipe steps. But if you miss an ingredient like bay leaves or forget that you need a Dutch oven, your stew might fail. Ordering the same beef stew at a restaurant is much simpler. You tell the waiter 'I'll have the beef stew,' and the kitchen team handles everything. They have a central stock of ingredients (the repository), they know that beef stew also needs carrots and potatoes even if you did not list them (dependencies), and they have the exact recipe to cook it perfectly (package scripts).


In this analogy, you are the system administrator telling yum what software you want. The waiter is the yum command that takes your order. The kitchen is the repository containing many pre-made packages. The chef knows that beef stew requires all those supporting ingredients, just like yum knows that installing a web server might require a logging daemon and a configuration library. The chef also checks if the kitchen has all the ingredients in stock and that nothing is expired, similar to yum verifying package signatures and availability. Finally, when your stew arrives at the table, it is a complete, ready-to-eat meal, exactly like how yum ensures all dependencies are installed and the software is ready to run. If you had tried to do it manually, you might have ended up with a half-finished stew missing critical components, or you might have accidentally bought spoiled ingredients.

## Why it matters

In professional IT environments, Linux servers are the backbone of web hosting, database management, cloud infrastructure, and application deployment. An administrator might be responsible for dozens, hundreds, or even thousands of servers. Manually installing software on each server by downloading source code, compiling it, and resolving dependencies by hand is not only inefficient but also prone to human error. Yum provides a standardized, repeatable, and auditable method for managing software across an entire fleet of machines. This consistency is critical for maintaining security, stability, and compliance in enterprise environments.


Yum's dependency resolution is perhaps its most valuable contribution. Software packages are rarely standalone; they connect to libraries, interpreters, and other services. For instance, installing a PHP application may require Apache, MySQL, and multiple PHP extensions. Each of these components has its own dependencies. Yum untangles this web automatically, ensuring that the correct versions of all supporting packages are present. This prevents the infamous 'dependency hell' where manual installations break existing applications because of conflicting shared libraries. Yum handles package updates centrally. A security vulnerability like a critical OpenSSL flaw can be patched across an entire server fleet with a single command, 'yum update openssl', which is far more efficient and reliable than manually patching each server.


Yum also enforces security through GPG signature verification. Every official repository signs its packages with a cryptographic key. Before installing any package, yum checks this signature to ensure the package has not been tampered with and comes from a trusted source. This is crucial in preventing supply-chain attacks where malicious actors could inject compromised software. Yum's transaction history allows administrators to roll back problematic updates, which is essential for quick recovery from failed deployments. In exam contexts like the Red Hat Certified System Administrator (RHCSA) and Red Hat Certified Engineer (RHCE), mastery of yum is not optional; it is a foundational skill that underpins all other system administration tasks.

## Why it matters in exams

Yum is a core exam objective for the Red Hat Certified System Administrator (EX200) and Red Hat Certified Engineer (EX300) certifications. In these exams, candidates must demonstrate proficiency in installing, updating, querying, and removing software packages using yum. The RHCSA exam objectives explicitly require candidates to be able to 'Install, update, and remove packages using yum' and 'Configure yum repositories.' The RHCE exam extends this to include 'Use yum to configure local and remote repositories' and 'Use yum to manage package groups.' These are not peripheral topics; they are tested directly in performance-based tasks where candidates must configure systems from scratch or troubleshoot existing installations.


Exam questions typically require candidates to perform actions rather than just recall commands. For example, a scenario might ask you to 'Install the httpd package and ensure it starts automatically at boot.' This requires using yum install, systemctl enable, and potentially verifying the installation. Another common task involves configuring a new yum repository pointing to an internal server or a local DVD mount, which tests understanding of repository configuration files and GPG key management. Candidates may also be asked to use yum history to undo a recent installation or to find which package provides a specific file using 'yum provides' or 'yum whatprovides'. The exam environment often lacks internet access, so candidates must be comfortable configuring local repositories from an ISO or a network share.


Beyond Red Hat exams, yum knowledge is also valuable for the CompTIA Linux+ (XK0-005) exam, which covers package management in both Debian-based and RPM-based systems. While the primary server distribution for Linux+ is openSUSE, the exam objectives include 'Given a scenario, manage software installations and repositories,' which applies to yum and its successors. Even general IT certifications like CompTIA A+ may touch on basic Linux package management concepts, though at a much shallower depth. For any exam that involves Linux administration, understanding the lifecycle of a package-from repository configuration to installation to verification to removal-is essential. Examiners test not just the commands but the underlying concepts of dependency resolution, repository trust, and transaction management, because these are the principles that keep real-world production systems running smoothly.

## How it appears in exam questions

In certification exams, yum questions typically fall into three categories: scenario-based tasks, configuration tasks, and troubleshooting tasks. Scenario-based questions might present a situation where a server needs a new web application installed, and the candidate must choose the correct sequence of yum commands to install the package along with its dependencies. For example, a question could read: 'A developer has provided an RPM package file named myapp-1.2-1.el8.x86_64.rpm on the local filesystem. When you try to install it with rpm -ivh, it fails because of missing dependencies. Which command should you use instead?' The correct answer involves using yum localinstall or yum install with the local file path so that yum can resolve dependencies from configured repositories.


Configuration questions focus on setting up or modifying yum repositories. An exam question might state: 'You have been given a base URL for an internal repository at http://repo.example.com/rhel8/AppStream. Write the contents of a .repo file in /etc/yum.repos.d/ that enables this repository.' The candidate must remember the correct format: [repo-id], name, baseurl, enabled=1, gpgcheck=1, and gpgkey URL. Another variation might ask: 'You need to disable all repositories except 'AppStream' during an installation. How can you achieve this?' The answer is to use 'yum --disablerepo=* --enablerepo=AppStream install <package>'.


Troubleshooting questions are designed to test deeper understanding. For example, 'After running yum update, you see an error: 'GPG key retrieval failed: [Errno 14] HTTP Error 404 - Not Found'. What is the most likely cause?' The answer relates to an incorrect gpgkey URL in the .repo file. Another example: 'A user reports that 'yum install httpd' returns 'No package httpd available.'' Candidates need to check repository configuration, verify that the repository is enabled, that the base URL is reachable, and that the package exists in that repository. These questions require not just command recall but diagnostic reasoning. Multiple-choice questions might also test the difference between yum update and yum upgrade, or between yum remove and yum autoremove. Always remember that yum is designed to preserve system integrity, so any action that might break dependencies will either prompt for confirmation or be blocked entirely.

## Example scenario

Scenario: You are a junior system administrator at a small company that runs its customer relationship management (CRM) web application on a CentOS 8 server. The development team has informed you that the CRM software requires a newer version of the PHP interpreter (PHP 7.4 instead of the default PHP 7.2) and the 'php-mysqlnd' extension to connect to the database. Your task is to update PHP and install the required extension without breaking any existing applications.


Step 1: You first check the currently installed PHP version by running 'php -v'. You see output showing PHP 7.2.24. Step 2: You need to find a repository that provides PHP 7.4 for CentOS 8. You know that the Remi repository is a popular choice for newer PHP versions. Step 3: You install the Remi repository configuration package using 'yum install https://rpms.remirepo.net/enterprise/remi-release-8.rpm'. This adds .repo files to /etc/yum.repos.d/. Step 4: You enable the Remi repository for PHP 7.4 by running 'yum module enable php:remi-7.4'. This tells yum to use the specified module stream. Step 5: You run 'yum update php' to upgrade PHP to version 7.4. Yum resolves any dependency changes automatically, downloading and installing the updated packages. Step 6: You install the MySQL extension using 'yum install php-mysqlnd'. Yum checks if this extension has any other dependencies and installs them. Step 7: You verify the installation by creating a simple 'phpinfo()' file and accessing it via the web browser. You confirm that PHP version 7.4 is active and the MySQL extension is loaded. Throughout this process, you used yum to manage the entire software lifecycle, avoiding manual compilation and dependency hunting. This scenario mirrors real-world system administration and is exactly the type of task tested in the RHCSA and RHCE exams.

## Common mistakes

- **Mistake:** Running 'yum update' without first checking if a repository is enabled or reachable.
  - Why it is wrong: If the repository is misconfigured or unreachable, 'yum update' will fail with an error like 'Cannot find a valid baseurl for repo'. This wastes time and may leave the system unpatched.
  - Fix: Always verify repository connectivity with 'yum repolist' before performing an update. This shows all enabled repositories and their status.
- **Mistake:** Assuming 'yum remove' will only remove the specified package.
  - Why it is wrong: Yum will also remove any dependencies that were automatically installed with that package and are no longer needed by other software. This can accidentally break other applications that share those dependencies.
  - Fix: Use 'yum remove --noautoremove' if you only want to remove the specified package, or use 'yum autoremove' cautiously after verifying the dependency tree.
- **Mistake:** Using 'rpm -ivh' directly on a downloaded RPM without using yum to resolve dependencies.
  - Why it is wrong: RPM does not automatically resolve dependencies. If the package requires other packages, the installation will fail immediately with a dependency error, requiring manual intervention.
  - Fix: Always prefer 'yum localinstall <file.rpm>' or 'yum install <file.rpm>' so that yum can fetch missing dependencies from repositories.
- **Mistake:** Forgetting to configure GPG signature verification when setting up a new repository.
  - Why it is wrong: If gpgcheck=0 is set, the system will install packages without verifying their authenticity. This leaves the system vulnerable to malicious or corrupted packages.
  - Fix: Always set gpgcheck=1 and provide the correct gpgkey URL in the .repo file. Import the key using 'rpm --import' if necessary.
- **Mistake:** Overlooking the difference between 'yum update' and 'yum upgrade'.
  - Why it is wrong: While both update packages, 'yum upgrade' also handles obsoletes, which may remove old packages. This can unintentionally remove software that the administrator assumed was still installed.
  - Fix: Use 'yum update' for routine maintenance unless you specifically need to handle obsoletes. Understand that 'yum upgrade' is more aggressive.

## Exam trap

{"trap":"The question asks: 'Which command installs a package and all its dependencies from a local RPM file?' The options include 'rpm -ivh package.rpm' and 'yum install package.rpm'. Many learners choose 'rpm -ivh' because they associate local files with rpm.","why_learners_choose_it":"Learners see the .rpm extension and default to the rpm command, not realizing that rpm alone cannot resolve dependencies. They may have only practiced installing from repositories with yum and never used 'yum install' with a local file path.","how_to_avoid_it":"Memorize that yum is the tool for dependency resolution regardless of whether the package source is a remote repository or a local file. The command 'yum install ./package.rpm' or 'yum localinstall package.rpm' is correct. Only use 'rpm -ivh' when you are certain no dependencies are missing or when you are installing a small standalone package in an isolated scenario."}

## Commonly confused with

- **yum vs dnf (Dandified Yum):** Dnf is the next-generation replacement for yum that debuted in Fedora 22 and replaced yum entirely in RHEL 8 and CentOS 8. While both manage packages using the same repositories and RPM back-end, dnf has a more efficient dependency resolver (libsolv), better performance, and cleaner output. In RHEL 8, the 'yum' command exists as a symbolic link to 'dnf' for backward compatibility, so they are functionally identical on those systems. (Example: On RHEL 7, you would run 'yum install httpd'. On RHEL 8, the same command works because 'yum' points to 'dnf', but you could also run 'dnf install httpd' directly.)
- **yum vs apt (Advanced Package Tool):** Apt is the package manager for Debian-based Linux distributions like Ubuntu and Debian itself. It uses .deb packages and the dpkg back-end instead of RPM. While the core concepts of repositories, dependency resolution, and package caching are identical, the command syntax and configuration files are different. For example, 'apt update && apt install nginx' replaces 'yum install nginx'. Apt uses /etc/apt/sources.list instead of /etc/yum.repos.d/. (Example: If you are studying for the CompTIA Linux+ exam, you must know both: 'yum install httpd' for Red Hat and 'apt install apache2' for Debian. Confusing the two will cause command failures.)
- **yum vs zypper:** Zypper is the command-line package manager for SUSE Linux Enterprise Server and openSUSE. It also uses RPM packages but has its own repository format and command syntax. For example, 'zypper install nginx' is equivalent to 'yum install httpd'. Zypper uses a different source configuration (/etc/zypp/repos.d/) and has a slightly different approach to dependency handling. (Example: In the RHCSA exam, you only need to know yum (or dnf). But in the SUSE Certified Administrator (SCA) exam, you must know zypper. Mixing up 'yum install' and 'zypper install' in the wrong exam environment would be a critical error.)
- **yum vs RPM (Red Hat Package Manager):** RPM is the low-level package management tool that yum uses internally. RPM can install, upgrade, query, and remove individual .rpm files, but it cannot automatically resolve dependencies or connect to repositories. Yum is a front-end that adds dependency resolution, repository management, and automatic updates on top of RPM. (Example: Using 'rpm -i package.rpm' will install the package but fail if dependencies are missing. Using 'yum install package.rpm' will automatically find and install those dependencies from configured repositories.)

## Step-by-step breakdown

1. **Initialize repository cache and list available packages** — When you run 'yum list available', yum reads configuration files in /etc/yum.repos.d/ to identify enabled repositories. It then downloads or refreshes the metadata cache from each repository. This metadata includes package names, versions, descriptions, and dependency information. This step is essential because yum cannot know what software is available without an updated cache. Running 'yum makecache' explicitly forces this refresh.
2. **User issues installation command with desired package name** — The user runs 'yum install <package-name>'. Yum parses the command and determines the exact package identity, including architecture and version, from the repository metadata. If multiple versions exist, yum selects the latest stable version unless otherwise specified. This step initiates the dependency resolution process.
3. **Dependency resolution using SAT solver** — Yum uses a SAT (boolean satisfiability) solver to analyze all available packages and their inter-relationships. It builds a logical model of what packages are required, recommended, conflicting, or obsoleting. The solver finds a valid combination of packages that satisfies the installation request without breaking existing installed software. This mathematical approach ensures consistency even in complex scenarios.
4. **Download and verify packages** — After resolution, yum downloads the required RPM files from the repository to the local cache (/var/cache/yum/). Before installation, yum verifies the GPG signature of each package against the trusted keys imported on the system. If gpgcheck=1 (the default for official repositories), packages without valid signatures are rejected. This step prevents installation of tampered or malicious software.
5. **Execute transaction and install packages via RPM** — Yum calls the RPM tool to perform the actual installation. RPM runs pre-install scripts (specified in the package spec), writes files to the filesystem, runs post-install scripts (often used to start services or set permissions), and updates the local RPM database. The entire transaction is logged in /var/lib/yum/history/ for rollback and auditing purposes. Yum reports success or failure and displays a summary of what was installed.
6. **Clean up cache and finalize** — After successful installation, yum may clean up cached package files if configured to do so (by default, they persist for future use in the transaction). The system is now ready to use the newly installed software. The administrator can verify the installation with 'rpm -q <package-name>' or 'yum list installed <package-name>'. The transaction history is updated for future rollback if needed.

## Practical mini-lesson

Yum is more than just a command to install software; it is a comprehensive package management ecosystem that system administrators rely on for maintaining system integrity. Understanding its internals is crucial for both exam success and real-world administration. At its heart, yum manages the complete lifecycle of software packages from discovery to removal. Professionals must be comfortable with repository configuration, which involves writing plain-text .repo files in /etc/yum.repos.d/. Each file defines a single repository with parameters such as [repo-id], name, baseurl, enabled, gpgcheck, gpgkey, and often exclude or includepkgs filters. A common mistake is leaving baseurl as a template like '$releasever/$basearch' without ensuring that the variables resolve correctly. Always test with 'yum repolist' after adding a new repository.


Another critical skill is using yum for system auditing. Commands like 'yum list installed' show all installed packages, while 'yum check-update' reports available updates without installing them. The 'yum history' command displays a timeline of all package transactions, including dates, user accounts, and what was changed. This is invaluable for troubleshooting recent changes that may have broken services. For example, if a web server stops working after an update, you can use 'yum history undo <transaction-id>' to roll back the specific transaction. You can also use 'yum history info <id>' to see exactly which packages were affected. This rollback capability is a powerful feature that saves hours of manual reconfiguration.


Security maintenance is another domain where yum shines. The 'yum update --security' command (with the yum-security plugin) updates only packages with security errata, minimizing disruption while patching vulnerabilities. In enterprise environments, administrators often create custom repositories using tools like createrepo to host internal packages or mirror official repositories. Understanding how to construct a local repository from a mounted ISO-using 'mount -o loop /path/to/rhel8.iso /mnt', then creating a .repo file pointing to file:///mnt/AppStream and file:///mnt/BaseOS-is a common RHCSA task. Finally, always remember that yum commands require root privileges or sudo access. Running 'yum install' as a regular user will fail with a permission error. Mastering these practical aspects ensures that you can manage Linux systems confidently in production environments and ace the performance-based tasks on certification exams.

## Memory tip

Yum = Your Universal Manager. It manages packages so you don't have to chase dependencies manually.

## FAQ

**Is yum still used in RHEL 8 and later versions?**

Yes, but the actual package manager in RHEL 8 and later is dnf. The 'yum' command still exists as a symbolic link to 'dnf' for backward compatibility with scripts and habits. Functionally, they are identical on these systems.

**What is the difference between 'yum update' and 'yum upgrade'?**

'yum update' updates all packages to the latest available versions within their current streams. 'yum upgrade' does the same but also handles obsoletes, which may remove older packages that have been replaced. Use 'update' for routine maintenance to avoid unexpected removals.

**How do I find which package provides a specific file?**

Use 'yum provides */filename' or 'yum whatprovides */filename'. For example, 'yum provides /usr/bin/nginx' will tell you that the 'nginx' package provides that file. You need to have the repositories enabled that contain that package.

**Why does 'yum install' ask to import a GPG key?**

When you install a package from a repository for the first time, yum prompts you to import the repository's GPG key. This key is used to verify the digital signature on every package from that repository, ensuring the package has not been tampered with and comes from a trusted source.

**Can I use yum to install packages from a local directory without internet?**

Yes. You can create a local repository using 'createrepo' on a directory of RPM files, then add a .repo file pointing to that directory with baseurl=file:///path/to/repo. Alternatively, you can use 'yum localinstall /path/to/package.rpm' to install a single RPM with dependency resolution from other configured repositories.

**How do I undo a yum installation?**

Use 'yum history' to list recent transactions. Find the ID of the transaction that installed the package, then run 'yum history undo <ID>'. This will reverse the transaction, removing the packages that were installed and restoring any that were removed, if possible.

**What is the difference between 'yum remove' and 'yum autoremove'?**

'yum remove' removes the specified package and its dependencies that are no longer required. 'yum autoremove' removes all packages that were automatically installed as dependencies and are no longer needed by any remaining installed package. 'autoremove' is useful for cleaning up orphaned packages.

## Summary

Yum is a critical package management tool for Red Hat-based Linux distributions, serving as the primary method for installing, updating, and removing software in enterprise environments. Its core value lies in automatic dependency resolution, which eliminates the complex manual work of finding and installing all supporting libraries and tools required by an application. Yum connects to remote or local repositories, downloads verified packages, and ensures system consistency through transaction logging and rollback capabilities. For IT certification candidates, especially those pursuing the Red Hat Certified System Administrator (RHCSA) and Red Hat Certified Engineer (RHCE) certifications, mastery of yum is non-negotiable. Exam tasks directly test your ability to configure repositories, install software, resolve dependency issues, and audit package transactions.


Beyond exams, yum is a daily tool for Linux system administrators who manage server fleets. It provides security through GPG signature verification, efficiency through batch updates, and reliability through transaction history. Understanding yum also provides a foundation for learning its modern successor, dnf, and for comparing it with other package managers like apt and zypper. The most important exam takeaway is to practice yum commands in a lab environment, focusing on repository configuration, dependency resolution, and transaction management. Always verify your work with 'rpm -q', 'yum list installed', and 'yum history'. Avoid common mistakes like using rpm directly without yum for dependency resolution or forgetting to import GPG keys. With thorough practice, yum becomes not just a command to memorize but a powerful tool that simplifies Linux administration and ensures exam success.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/yum
