Linux Package Managers: How Software Gets Installed on a Server

On a server you don't download installers and click Next. You ask a package manager. Learn what package managers are, how repositories and dependencies work, the difference between apt, dnf, and pacman, and the commands you'll actually use every day.

Published September 20, 202611 min readBy ACY Partner Indonesia
Linux package managers — repositories, dependencies, and the install command
300 × 250Ad Space AvailablePlace your ad here

On your laptop, installing software is a familiar ritual: find a website, download an installer, double-click it, click Next a few times, done. On a Linux server there’s no website to visit and no installer to double-click — and honestly, that turns out to be a better way to do it. Instead, you tell a package manager what you want, and it fetches the software, sets it up, and tracks it for you.

If you’ve ever wondered why server tutorials are full of lines like apt install nginx or dnf install git, this is the piece that makes all of them make sense. Once you understand what a package manager actually does, installing, updating, and removing software on a server stops feeling like memorized magic and starts feeling like a tool you control.

What a package manager actually is

A package manager is a program whose entire job is to install, update, and remove other software on your system. You give it the name of what you want — git, curl, a web server — and it handles everything else: downloading the right files, putting them in the right places, wiring up the commands, and remembering that it’s installed so you can cleanly remove it later.

A package is the unit it deals in. Think of it as a tidy bundle: the actual program files, plus a small manifest describing what the package is, what version it is, and — crucially — what other packages it needs in order to work. That last part is the real magic, and we’ll get to it.

The key mental shift coming from Windows or macOS: on a server you almost never “download and run an installer.” You ask the package manager, and it pulls the software from a trusted, central source. That source is called a repository.

One catalog, many programs

A package manager isn’t tied to one application — it’s the front door for thousands of them. The same apt or dnf command installs a web server, a database, a programming language, a text editor, or a tiny command-line utility. It’s less like an app store for one product and more like a single, system-wide librarian who can fetch any book in the building.

Repositories: where packages come from

A repository (often shortened to “repo”) is a curated online collection of packages that your system is configured to trust. When you ask to install something, the package manager looks it up in these repositories, downloads it from there, and verifies it.

Every Linux distribution maintains its own official repositories — a big, tested catalog of software that’s been packaged specifically for that system. This matters for a few reasons:

  • It’s a single source of truth. You don’t hunt across random websites hoping you found the real download. One trusted catalog has everything.
  • It’s verified. Packages are cryptographically signed. The package manager checks the signature, so you know the software wasn’t tampered with on the way to your server.
  • It’s consistent. Everything in the repo is built and tested to work together on your specific system.

Your system keeps a local index of what’s available in those repos — basically a copy of the catalog’s table of contents. That index can go stale, which is why nearly every install session starts by refreshing it. More on that command in a moment.

        YOUR SERVER                         THE INTERNET
   ┌──────────────────────┐           ┌────────────────────────┐
   │  package manager     │  asks →   │   repository (repo)    │
   │  + local index       │           │   curated, signed      │
   │                      │  ← gets   │   catalog of packages  │
   └──────────────────────┘           └────────────────────────┘
        installs into
        the right places

Dependencies: the problem package managers were built to solve

Here’s the thing that makes package managers genuinely valuable instead of just convenient. Most software doesn’t stand alone. A program you want often relies on other pieces of software to function — shared libraries, runtimes, helper tools. Those required pieces are called dependencies.

Imagine installing a web application by hand. It needs a particular library. That library needs two more libraries. One of those needs a specific version of something else. Track all of this down yourself across a dozen packages — making sure every version is compatible — and you’ve stumbled into what people grimly call “dependency hell.” It’s tedious, error-prone, and easy to get subtly wrong.

A package manager makes that disappear. When you ask for one package, it reads that package’s manifest, sees everything it depends on, finds those dependencies’ dependencies, and presents you with the full list to install in one shot. It resolves the whole tree automatically.

   You ask for:   webapp

        ┌───────────┼───────────┐
     lib-a       runtime      lib-b
        │                        │
     lib-c                   lib-d (v2.1)

   The package manager works all of this out
   and installs every box in the right order.

It also keeps the books on the way back out. When you remove software, the package manager knows which dependencies were only installed because of it, and can clean those up too — so your server doesn’t slowly fill with orphaned junk nobody remembers installing.

The big families: apt, dnf, pacman, and friends

Linux isn’t one operating system — it’s a whole family of distributions, and they don’t all share the same package manager. Which one you use depends on which distro your server runs. If that idea is new, it’s worth a quick look at how distros differ in Linux distributions, because that choice is exactly what decides your package manager.

There are two big lineages you’ll meet constantly:

  • The Debian family (Debian, Ubuntu, and their relatives) uses apt. Underneath, packages are .deb files, but you almost always drive it through apt. This is the most common family for beginner-friendly servers.
  • The Red Hat family (Fedora, RHEL, Rocky, AlmaLinux) uses dnf (the modern successor to the older yum). Packages here are .rpm files.

A couple more worth recognizing, even if you don’t use them yet:

  • pacman — Arch Linux and its derivatives.
  • zypper — openSUSE.
  • apk — Alpine Linux, popular in lightweight container images for being tiny.

The good news: they all do the same job and share the same concepts — repositories, packages, dependencies, install/update/remove. Once you understand the idea, switching between them is mostly a matter of learning a different word for “install.”

Same idea, different verbs

Don’t try to memorize every package manager. Learn the concepts once — repo, package, dependency, refresh, install, upgrade, remove — and then for any given system you only need a small cheat sheet mapping those concepts to that system’s commands. The mental model carries over completely.

The commands you’ll actually use

Let’s get concrete with the Debian/Ubuntu family, since it’s the most common starting point. These same five actions exist in every package manager — only the spelling changes.

Almost everything you’ll do involves administrator rights, because installing system software touches protected parts of the system. That’s why these commands start with sudo. If the idea of sudo and root access is fuzzy, the file permissions article explains why ordinary users can’t just write anywhere on a server. And since you’ll be typing all of this into a terminal, the command line article is a good companion if the shell still feels unfamiliar.

1. Refresh the index. Update your local copy of the catalog so you’re working from current information. Do this first, especially before installing.

sudo apt update

2. Install a package. Ask for software by name. The package manager figures out the dependencies and asks you to confirm.

sudo apt install git

3. Upgrade everything. Apply available updates to all installed packages — important for security fixes.

sudo apt upgrade

4. Remove a package. Uninstall software you no longer need.

sudo apt remove git

5. Search the catalog. Find out whether something exists in the repos, and under what name.

apt search compression

Here’s roughly how a real install plays out, so the flow isn’t a surprise:

$ sudo apt update
  Reading package lists... Done
  (your local index is now fresh)

$ sudo apt install git
  Reading dependencies... Done
  The following NEW packages will be installed:
    git git-man liberror-perl ...
  Need to get 5,200 kB of archives.
  Do you want to continue? [Y/n] y
  ...
  Setting up git ...
  Done.

Notice that asking for one thing (git) pulled in a handful of extra packages you never named. That’s dependency resolution doing its job — exactly the work you’d otherwise be doing by hand.

For comparison, here’s the same set of actions in the other major families, so you can see how little really changes:

ACTION           Debian/Ubuntu (apt)      Fedora/RHEL (dnf)        Arch (pacman)
─────────────────────────────────────────────────────────────────────────────────
refresh index    sudo apt update          (refreshed automatically) sudo pacman -Sy
install          sudo apt install NAME     sudo dnf install NAME    sudo pacman -S NAME
upgrade all      sudo apt upgrade          sudo dnf upgrade         sudo pacman -Syu
remove           sudo apt remove NAME      sudo dnf remove NAME     sudo pacman -R NAME
search           apt search TERM           dnf search TERM          pacman -Ss TERM

Same five ideas, three different dialects. Learn the row labels on the left and you can sit down at any of these systems.

Versions, updates, and why stale software is a risk

There’s a subtle but important reason package managers matter for server work specifically: keeping software updated is a security job, not just a convenience. Servers are exposed to the internet around the clock, and outdated software is one of the most common ways they get compromised. When a vulnerability is found in a piece of software, the fix arrives as an updated package in the repository. The whole point of apt upgrade / dnf upgrade is to pull those fixes in.

This is also why distributions are sometimes described as “stable” or “cutting-edge.” Stable distros (like Debian) deliberately ship slightly older, heavily-tested versions and patch them for security, prioritizing predictability. Others ship the newest versions quickly, prioritizing features. Neither is “better” — they’re different trade-offs, and the package manager is how you live with whichever one you chose.

Don't bypass the package manager for no reason

It’s tempting, when a tutorial says “just download this script and run it,” to grab software from outside the repositories. Sometimes that’s necessary — but understand the trade-off: anything installed outside the package manager is invisible to it. It won’t get security updates automatically, it won’t clean up neatly, and you’ve trusted a source the system didn’t verify. Prefer the official repos whenever you can, and treat off-repo installs as a deliberate, considered exception — not a default.

A quick word on the newer universal formats

You may run into Snap, Flatpak, and AppImage. These are a newer style of packaging where an app ships with its own dependencies bundled inside, so it can run across many distributions without caring about what’s already installed. That solves portability, at the cost of larger downloads and some duplication.

For server work, you’ll mostly stick with your distro’s native package manager (apt, dnf, and so on) — it’s leaner and integrates tightly with the system. The universal formats show up more on the desktop, but it’s good to know the names so they don’t confuse you later.

Why this is foundational

Almost every server task you’ll ever do begins with installing something. A web server, a database, a runtime for your application, monitoring tools, security tools — all of it arrives through the package manager. Get comfortable with this one tool and an enormous amount of server work becomes routine instead of intimidating.

More deeply, package managers encode a philosophy that runs through all of Linux: trusted central sources, automatic dependency handling, clean install-and-remove, and updates as a first-class habit. Internalize that, and you’re not just memorizing apt install — you’re learning how a server is meant to be cared for over time.

Wrapping up

Here’s the whole picture in one place:

  • A package manager installs, updates, and removes software on your system; you ask by name and it handles the rest.
  • A package is a bundle of program files plus a manifest, including the list of other packages it needs.
  • Repositories are curated, signed, trusted catalogs that your system pulls software from — one source of truth instead of random websites.
  • Dependencies are the other software a package needs; the package manager resolves the whole tree automatically and avoids “dependency hell.”
  • The big families are apt (Debian/Ubuntu), dnf (Fedora/RHEL), and pacman (Arch) — same concepts, different commands.
  • The five everyday actions are refresh, install, upgrade, remove, search, and most need sudo.
  • Keeping packages updated is a security responsibility, because outdated software is a favorite way in for attackers.

Once you can install and update software confidently, the natural next step is learning what to do with those programs once they’re running — how the things you installed keep working in the background as processes and services on your server.

Tags:linuxpackage-manageraptserverbeginner
728 × 90Ad Space AvailablePlace your ad here

Related Articles

See All Articles

You Might Also Like

SSL and encryption at rest — data protected in transit and on disk
Server / Server Security

SSL and Encryption at Rest: Protecting Data Both in Transit and on Disk

Encryption protects your data in two places: while it travels the network (in transit) and while it sits on disk (at rest). Learn the difference, why you need both, how TLS, full-disk encryption, and key management actually fit together, and the practical mistakes to avoid — explained from the.

Nov 9, 202613 min read
Securing ports and services — closing the doors on a server you don't use
Server / Server Security

Securing Ports and Services: Closing the Doors You Don't Use

Every open port on a server is a door someone could try to walk through. Learn what ports and services really are, why an exposed service is your biggest risk, and the simple discipline of closing everything you don't need — explained from the ground up.

Nov 8, 202611 min read
Principle of least privilege — granting only the minimum access each user and process needs
Server / Server Security

The Principle of Least Privilege: Give Everything Only the Access It Truly Needs

Least privilege is the quiet rule behind almost every solid security setup: every user, process, and key gets the minimum access required to do its job, and nothing more. Learn what it means, why it limits the blast radius of any breach, and how to apply it across users, services, files, and keys.

Nov 7, 202613 min read
Fail2ban and intrusion basics — watching logs and automatically banning repeated abusers
Server / Server Security

Fail2ban and Intrusion Basics: Automatically Banning the Bots Hammering Your Server

Attackers don't stop after one failed guess — they keep hammering, thousands of times a day. Learn how intrusion attempts actually look, what fail2ban does, how it watches your logs and bans abusers automatically, and how to set it up sensibly without locking yourself out — explained from zero.

Nov 6, 202613 min read
Keeping software updated — closing known security holes before attackers use them
Server / Server Security

Keeping Software Updated: The Boring Habit That Stops Most Server Breaches

Most servers don't get hacked through clever new attacks — they get hacked through old, known holes that a simple update would have closed. Learn why updates matter, what to update, how to do it safely without breaking things, and how to make it a habit instead of a panic.

Nov 5, 202610 min read
Firewall configuration — a default-deny rule set that opens only the ports you need
Server / Server Security

Firewall Configuration: Setting Up Default-Deny Rules Without Locking Yourself Out

Knowing what a firewall is and actually configuring one well are two different skills. Learn how to write a default-deny rule set, order rules correctly, allow your own access first, handle IPv6 and cloud security groups, and test before you commit — a practical, vendor-neutral guide from zero.

Nov 4, 202615 min read