How to Disable Package Updates Using YUM/DNF in RHEL Linux

The DNF (Dandified Yum) is the next-generation version of the YUM (Yellowdog Updater, Modified), is an open-source default package manager for Red Hat-based Linux distributions, that is used for getting, installing, upgrading, removing, and querying packages from the official software repositories and third-party repositories.

While updating the system, sometimes, we don’t update certain packages such as Apache Server (HTTP), MySQL, PHP, or any other major application, because updating such software may break currently running web applications on a server and cause major issues. It is recommended to stop updates for such software till the application gets patched with new updates.

In this article, we will show you how we can exclude (disable) certain package updates using the YUM and DNF package manager on RPM-based distributions such as RHEL, CentOS, Fedora, Rocky Linux, and AlmaLinux. We can also exclude or disable certain package updates from any third-party repositories.

The exclude syntax would be as follow.

exclude=package package1 packages*

The above exclude directive is defined in /etc/yum.conf or /etc/dnf/dnf.conf configuration file with the list of packages to exclude from updates or installs.

The above syntax will exclude “package“, “package1“, and list of “package” updates or installs. Each keyword should be separated with space for the exclusion of packages.

How to Exclude Packages in YUM or DNF

To exclude (disable) specific package updates, Open file called /etc/yum.conf or /etc/dnf/dnf.conf with your choice of editor.

# vi /etc/yum.conf
OR
# vi /etc/dnf/dnf.conf

Add the following line at the bottom of the file with exclude keyword as shown below.

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

# This is the default, if you make this bigger yum won't see if the metadata 
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

## Exclude following Packages Updates ##
exclude=httpd php mysql

In the above example, the line exclude will disable updates for “httpd” “php” and “mysql” packages. Let’s try installing or updating one of them using the YUM command as shown below.

# yum update httpd
OR
# dnf update httpd
Sample Output
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.01link.hk
 * extras: centos.01link.hk
 * updates: mirrors.hns.net.in
base                                                   | 3.7 kB     00:00
extras                                                 | 3.0 kB     00:00
updates                                                | 3.5 kB     00:00
updates/primary_db                                     | 2.7 MB     00:16
Setting up Update Process
No Packages marked for Update

How to Exclude Packages from EPEL Repo

To exclude packages installs or updates from EPEL repository, then open the file called /etc/yum.repos.d/epel.repo.

# vi /etc/yum.repos.d/epel.repo

Add the exclude line by specifying packages to be excluded from the updates.

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
## Exclude following Packages Updates ##
exclude=perl php python

Now try to update the above-specified files from the EPEL repository using the yum/dnf command as shown.

# dnf update perl php python
OR
# yum update perl php python
Sample Output
Last metadata expiration check: 0:00:37 ago on Wednesday 17 November 2021 03:41:28 AM EST.
Package perl available, but not installed.
No match for argument: perl
No match for argument: php
No match for argument: python
Error: No packages marked for upgrade.

You can also use the yum/dnf command-line option to exclude packages without adding them to the repository files.

# yum --exclude=httpd update
Or
# dnf --exclude=httpd update

To exclude a list of packages, use the command as follows.

# yum --exclude=mysql\* --exclude=httpd\* update
Or
# dnf --exclude=mysql\* --exclude=httpd\* update

This way you can exclude updates for any packages you want. There are many other ways you can do it, for example, recently we’ve compiled an article on 4 useful ways to block/disable or lock certain packages using the yum command in Linux.

Ravi Saive
I am an experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

9 thoughts on “How to Disable Package Updates Using YUM/DNF in RHEL Linux”

  1. Hi, how best can I patch security and some packages vulnerabilities without resorting to RHEL online repository.

    P.S The node is not to be exposed to the Public Internet.

    Reply
  2. Hi,

    I see few of the packages getting update automatically weekly twice..(Don’t know from where it runs and who ran) in one of my server (centos 7). I have daily cron job running with rpm --last command which helps me to trace the new packages installation. I want to stop this automatic updation of packages.

    I googled and few suggested to disable yum-cron. in my case yum-cron is not installed. Please help me.

    Reply
    • @Jameslee,

      Simply add those packages to /etc/yum.conf like shown.

      This above line will prevent installing updates to these packages.

      Reply
  3. Actually you would want to prevent just updates in yum.conf with
    installonlypkgs

    Using excludes will also prevent installation.

    Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.