How to Manage System Packages with yum on RHEL 7
Package management is one of the most fundamental skills for a RHEL 7 system administrator. The Yellowdog Updater Modified (yum) is the default package manager on RHEL 7, and it handles everything from installing and removing software to managing repositories, grouping related packages, and maintaining a complete transaction history that can be rolled back. This guide covers the full breadth of daily yum operations, repository management, useful utilities from the yum-utils package, and how to verify package integrity with rpm.
Prerequisites
- A RHEL 7 system with an active Red Hat subscription, or a configured package repository
- Root or
sudoaccess - Network connectivity to your configured repositories
Step 1: Essential yum Commands — Install, Remove, and Update
The three most common yum operations are installing new packages, removing existing packages, and updating installed packages.
Installing Packages
# Install a single package
sudo yum install -y vim-enhanced
# Install multiple packages at once
sudo yum install -y wget curl git unzip
# Install a specific version of a package
sudo yum install -y httpd-2.4.6-97.el7
# Install from a local RPM file
sudo yum install -y /tmp/mypackage-1.0.noarch.rpmThe -y flag automatically answers “yes” to all prompts, which is useful in scripts. Omit it when running interactively to review the dependency list before confirming.
Removing Packages
# Remove a package (keeps dependencies)
sudo yum remove -y httpd
# Remove a package and its unused dependencies
sudo yum autoremove -y httpd
# Remove a package without removing its dependencies
sudo rpm -e httpdUpdating Packages
# Update all installed packages to the latest available version
sudo yum update -y
# Update only a specific package
sudo yum update -y kernel
# Check for available updates without installing
sudo yum check-update
# Update security patches only (requires a subscription with security metadata)
sudo yum update --security -yStep 2: Searching and Getting Package Information
Before installing a package you can search for it by name or description, and inspect its details:
# Search for packages matching a keyword
sudo yum search nginx
# Search in both name and description
sudo yum search all "web server"
# Show detailed information about a package
sudo yum info httpd
# Show information about an installed package
sudo yum info installed httpd
# List all installed packages
sudo yum list installed
# List all available packages
sudo yum list available
# Find which package provides a specific file or command
sudo yum provides /usr/bin/vim
sudo yum provides "*/bin/netstat"
# List files installed by a package (requires installed package)
rpm -ql httpdStep 3: Working with yum History
One of yum‘s most powerful features is its transaction history. Every install, update, and removal is recorded and can be inspected or rolled back:
# List recent yum transactions
sudo yum history list
# Show details of a specific transaction (by ID number)
sudo yum history info 15
# Show what packages were affected in transaction 15
sudo yum history info 15
# Undo a specific transaction (rollback an install or update)
sudo yum history undo 15
# Redo (re-apply) a transaction
sudo yum history redo 15
# Show all transactions affecting a specific package
sudo yum history list httpd
# Show the full transaction log
sudo yum history list allThe history database is stored at /var/lib/yum/history/. This rollback capability makes yum significantly safer than manual RPM management for production systems.
Step 4: Managing Package Groups with yum groupinstall
yum groups bundle related packages into named collections, making it easy to install everything needed for a role (web server, development tools, etc.):
# List all available package groups
sudo yum grouplist
# List all groups including hidden ones
sudo yum grouplist hidden
# Show what packages are in a group
sudo yum groupinfo "Development Tools"
# Install a package group
sudo yum groupinstall -y "Development Tools"
# Install the group for a GNOME desktop environment
sudo yum groupinstall -y "GNOME Desktop"
# Remove a package group
sudo yum groupremove -y "Development Tools"
# Update all packages in a group
sudo yum groupupdate -y "Development Tools"Step 5: Managing Repositories in /etc/yum.repos.d/
Repositories are defined in .repo files under /etc/yum.repos.d/. Understanding their structure lets you add, disable, or troubleshoot package sources:
# List all configured repositories and their status
sudo yum repolist all
# List only enabled repositories
sudo yum repolist enabled
# View the content of the base RHEL repo file
cat /etc/yum.repos.d/redhat.repoA typical .repo file looks like this:
[rhel-7-server-rpms]
name=Red Hat Enterprise Linux 7 Server (RPMs)
baseurl=https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-releaseAdding the EPEL Repository
The Extra Packages for Enterprise Linux (EPEL) repository provides thousands of additional packages not found in the base RHEL channels:
# Install the EPEL release package (provides the repo configuration)
sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Verify the EPEL repo is now configured
sudo yum repolist | grep epel
# Install a package from EPEL (example: htop)
sudo yum install -y htopYou can also create a custom repository file manually:
sudo vi /etc/yum.repos.d/myrepo.repo[myrepo]
name=My Local Repository
baseurl=http://repo.example.com/rhel7/
enabled=1
gpgcheck=0Step 6: Using yum-utils and yum-config-manager
The yum-utils package provides several helpful command-line utilities that extend yum‘s functionality:
# Install yum-utils
sudo yum install -y yum-utilsyum-config-manager
# Enable a disabled repository
sudo yum-config-manager --enable rhel-7-server-optional-rpms
# Disable a repository
sudo yum-config-manager --disable epel
# Add a new repository from a URL
sudo yum-config-manager --add-repo https://example.com/repo/myrepo.repoOther yum-utils Tools
# package-cleanup: remove old kernel versions, keeping the latest 2
sudo package-cleanup --oldkernels --count=2
# repoquery: query package information without installing
repoquery --list httpd
# Find what package owns a specific installed file
repoquery --file /usr/sbin/httpd
# yumdownloader: download an RPM without installing it
yumdownloader httpd
yumdownloader --source httpd # Download the source RPMStep 7: Cleaning the yum Cache
yum caches downloaded packages and metadata in /var/cache/yum/. Clearing the cache frees disk space and forces a fresh metadata download on the next operation:
# Remove all cached packages and metadata
sudo yum clean all
# Remove only cached package files (keep metadata)
sudo yum clean packages
# Remove only metadata
sudo yum clean metadata
# Check how much disk space the cache is using
du -sh /var/cache/yum/
# Rebuild the metadata cache immediately
sudo yum makecacheStep 8: Verifying Package Integrity with rpm -V
After a security incident or suspected tampering, you can verify that installed package files have not been modified from their original state using rpm -V:
# Verify a specific package
sudo rpm -V httpd
# Verify all installed packages (slow — can take several minutes)
sudo rpm -Va
# Verify and show only changed files
sudo rpm -Va | grep "^..5"The output shows a string of flags indicating what changed. Common flags:
S— File size differsM— File permissions/type differ5— MD5 checksum mismatch (file contents changed)U— User ownership changedG— Group ownership changedT— Modification time differsc— Configuration file (modifications expected)
# Example output: httpd binary has been modified
S.5....T. /usr/sbin/httpdConclusion
yum is the backbone of RHEL 7 software management, and mastering it — from basic installs and updates to history rollbacks, group management, and repository configuration — gives you precise control over everything running on your systems. The combination of yum history undo for safe rollbacks, yum-config-manager for repository control, and rpm -V for integrity checking creates a robust package management workflow suitable for production environments. Always test updates in a staging environment before applying them to production, and use yum check-update regularly to stay informed about available security patches.
