How to Disable Package Updates Using YUMDNF in RHEL Linux?

YUM/DNF is the package management system used in RHEL (Red Hat Enterprise Linux) and related distributions to install, update, and remove software packages. While keeping packages updated is generally recommended for security and stability, there are specific scenarios where temporarily disabling package updates becomes necessary to maintain system integrity.

Why Disable Package Updates

Several situations may require disabling package updates temporarily:

• Critical Applications Production systems running mission-critical applications that require specific package versions

• Compatibility Requirements Legacy software that may break with newer package versions

• Testing Environments Development systems where consistent package versions are needed for testing

• Bandwidth Limitations Systems with restricted internet connectivity or data plan constraints

Methods to Disable Package Updates

Method 1: Exclude Specific Packages

To exclude specific packages from updates, edit the /etc/dnf/dnf.conf file:

sudo nano /etc/dnf/dnf.conf

Add the following line to exclude specific packages:

exclude=package1 package2 kernel*

This prevents the specified packages from being updated while allowing others to update normally.

Method 2: Disable Automatic Updates Service

To disable the automatic update service completely:

sudo systemctl stop dnf-automatic.timer
sudo systemctl disable dnf-automatic.timer
sudo systemctl mask dnf-automatic.timer

Check the status to verify it's disabled:

sudo systemctl status dnf-automatic.timer

Method 3: Repository-Level Exclusions

To disable updates from specific repositories, edit the repository configuration:

sudo nano /etc/yum.repos.d/repository-name.repo

Add enabled=0 to disable the repository:

[repository-name]
name=Repository Name
baseurl=http://repository.url/
enabled=0
gpgcheck=1

Verification and Testing

After implementing these changes, verify that updates are properly disabled:

dnf check-update

For excluded packages, use:

dnf list --excludes

To test if automatic updates are disabled:

dnf upgrade --assumeno

Re-enabling Updates

When you need to re-enable updates:

1. Remove or comment out the exclude line from /etc/dnf/dnf.conf

2. Re-enable the automatic update service:

sudo systemctl unmask dnf-automatic.timer
sudo systemctl enable dnf-automatic.timer
sudo systemctl start dnf-automatic.timer

Security Considerations

Best Practices

• Selective Exclusions Only exclude packages that absolutely cannot be updated

• Regular Reviews Periodically review and update exclusion lists

• Security Monitoring Stay informed about critical security updates for excluded packages

• Testing Environment Test updates in non-production systems first

• Documentation Maintain records of why specific packages are excluded

Conclusion

Disabling package updates in RHEL Linux using DNF should be done cautiously and only when absolutely necessary. While it can prevent system disruptions in critical environments, it also introduces security risks by preventing important patches from being applied. The key is implementing selective exclusions rather than blanket disabling, combined with regular manual review and testing of updates.