RHEL Basics #1: What Is RHEL — From Fedora to RHEL, plus AlmaLinux and Rocky Linux

15 min read

When you SSH into a server at work, the Linux you’re most likely to land on is RHEL — or one of its compatible OSes, AlmaLinux / Rocky / Oracle Linux. Even people who learned Linux on Ubuntu run into this family almost every time in a corporate environment. For the moment when apt doesn’t work, ufw isn’t there, and roughly half the commands you know go by different names — this series lays out the map of the Red Hat family and what you need to run a single RHEL machine.

The whole Linux track is 6 series and 62 posts. RHEL Basics, 7 posts, is the first.

  • #1 What is RHEL — From Fedora to RHEL, plus AlmaLinux and Rocky Linux ← this post
  • #2 Setup — RHEL 9 install, Subscription Manager, first login
  • #3 dnf and package management — repo, modules, AppStream
  • #4 Intro to systemd — services, targets, journalctl
  • #5 Users / groups / permissions — UID/GID, sudo, ACL
  • #6 Filesystem basics — XFS, mount, /etc/fstab
  • #7 Basic security — firewalld, SSH hardening

This post nails down the shape of the Red Hat family and where RHEL sits inside it. It’s the map you want in your head before you open a console. Hands-on starts at #2.

“Aren’t all Linuxes the same?” #

If you started on Ubuntu and then SSH into a corporate server, things stop making sense. apt doesn’t work. There’s no /etc/apt/sources.list. Instead there’s an unfamiliar command called dnf, and the package names are subtly different. Same Linux, so why is everything different?

Linux is a bundle of the kernel + userland + a package manager + boot/service management, and how that bundle is put together is what makes a distribution (distro). Zoom out and you see two big branches:

Two big branches of Linux distros
                  Linux Kernel
        ┌──────────────┴──────────────┐
        │                             │
   Debian family               Red Hat family
   (.deb / apt)                  (.rpm / dnf)
        │                             │
   ┌────┴─────┐                  ┌────┴────────────┐
   │          │                  │                 │
 Debian    Ubuntu              Fedora            RHEL
            │                                      │
         Linux Mint              ┌──────────┬──────┴──────┬─────────┐
         Pop!_OS              CentOS    AlmaLinux    Rocky      Oracle
                              Stream                            Linux
  • Debian family — Debian, Ubuntu, Mint. Packages are .deb, manager is apt. The branch you’ll meet most often on desktops, personal servers, and clouds.
  • Red Hat family — RHEL, Fedora, CentOS Stream, AlmaLinux, Rocky, Oracle Linux. Packages are .rpm, manager is dnf (formerly yum). The de facto standard in enterprise / data centers / telecom and finance.

The two branches use different commands, follow different directory conventions, and ship different default tools. Knowing only one and SSHing into a machine from the other side, your hands stop. This series covers the Red Hat family. If you know Ubuntu, this is mostly a new command dictionary to learn. If you don’t, it’s still written so you can follow from scratch.

Why enterprise Linux is its own thing #

“Linux is free, so why pay for RHEL?” is the most common question. The honest answer is you’re buying a guarantee, not an OS.

The demands a large company runs into when they put a system on Linux:

  • A 10-year guarantee — once you install the OS, you keep getting security patches for ten years. Data centers, healthcare, and finance can’t easily change a vetted environment.
  • Compatibility certifications — products like Oracle DB, SAP, IBM Db2, VMware, and NVIDIA GPU drivers officially declare “this runs on RHEL.” Hit a problem on Ubuntu with the same products and the vendor often shrugs and tells you it’s not a supported environment.
  • 24/7 support — a contract where one phone call gets an engineer on the line at 3am.
  • Compliance — standards like FIPS, Common Criteria, PCI-DSS, and HIPAA are certified at the OS level. Trying to match all that yourself on Ubuntu via OpenSCAP is a different beast.

Individuals, startups, and modern cloud workloads almost never need any of that. So Ubuntu / Alpine / Amazon Linux are the natural pick. On the flip side, walk into a bank, a telco, an airline, or a government office and you’ll almost always see RHEL or one of its compatibles. The OS itself becomes part of the SLA.

The reason this series covers RHEL is simple: it’s the environment paid Linux engineers run into most often.

The Red Hat family — Fedora → CentOS Stream → RHEL #

The company Red Hat (now an IBM subsidiary) ships more than one Linux. Three of them are linked in a single flow.

upstream → downstream
   ┌──────────┐    ┌──────────────┐    ┌────────┐    ┌──────────────────┐
   │  Fedora  │ →  │ CentOS Stream│ →  │  RHEL  │ →  │ AlmaLinux/Rocky  │
   │   (lab)  │    │  (preview)   │    │ (prod) │    │  (free clones)   │
   └──────────┘    └──────────────┘    └────────┘    └──────────────────┘
        ↑                  ↑                ↑                  ↑
   6-month cycle      rolling (6-month~)  10-year LTS     10-year LTS
   bleeding edge       next RHEL minor     paid / free     free
                       preview                             (1:1 of RHEL)

Fedora — the lab #

The community distribution Red Hat sponsors. New versions every 6 months — you see new kernels, new GNOME, new systemd, new compilers here first. Support window is around 13 months, which is short. It’s for developer desktops and trying out new features early. Too volatile to put on a production server.

What gets validated here flows down to the next stage.

CentOS Stream — the preview #

The working area for the next RHEL minor version (e.g. 9.6). Rolling: as patches come in, builds get published continuously. It’s the upstream of RHEL. So whatever lands in RHEL 9.6 lands in CentOS Stream 9 first.

It’s used for testing / development / certification environments, mostly by RHEL-compatible ISVs checking that their products will keep working in the next minor. Some people run it in production (especially in the cloud), but it leans a bit more toward fresh patches than rock-solid stability.

This model changed dramatically in 2020, right after IBM acquired Red Hat in 2019. Before that, “CentOS Linux” played the role of a clone of RHEL. We’ll come back to that whole story below.

RHEL — the product #

Red Hat Enterprise Linux. The paid distro Red Hat officially sells and supports. Each major version (7 / 8 / 9 / 10) is promised a full 10-year lifecycle (with optional ELS extending it by 4 years).

  • Full Support (5 years) — new features, minor updates, all patches
  • Maintenance Support (5 years) — security and critical bug patches only
  • ELS (+4 years) — pay extra to keep getting security patches

That 10–14 year window is the single biggest reason enterprises pay for RHEL. Once an OS has been certified and validated, they get to use it for that long.

This series is based on RHEL 9. RHEL 10 is out in 2026, but most production runs are still on 9, and there’s far more material and certification behind 9. We’ll point out 9-vs-10 differences along the way.

The CentOS shake-up — and the rise of AlmaLinux/Rocky #

When you draw the map of Red Hat’s ecosystem, you cannot skip December 8, 2020. One announcement that day rewrote the whole market.

Before — where CentOS Linux lived #

Originally, CentOS Linux (Community Enterprise OS) was a free clone built from RHEL’s source. RHEL 7 would ship, and within days or weeks CentOS 7 would follow with nearly identical packages. Drop the trademark, keep the bits — 1:1.

That’s why so many companies ran setups like this:

  • Dev / staging / side workloads → CentOS Linux (free)
  • Real SLA workloads → RHEL (paid)

Same OS, same commands, only paying where it mattered. A clean model.

The change #

In late 2020, Red Hat announced that CentOS Linux 8 support would end on December 31, 2021. The original promise had been until 2029. The empty slot, they said, would be filled by CentOS Stream instead.

Remember: Stream isn’t a downstream (clone) of RHEL — it’s the upstream (preview). The arrow flipped from RHEL → CentOS to CentOS Stream → RHEL. In other words, the option of running free RHEL-compatible servers in production disappeared.

The motivations behind the decision were complicated. “Oracle is freeloading off CentOS,” “concentrating on Stream improves the next RHEL,” “people who can’t go paid weren’t going to anyway” — all framed by Red Hat — and the community pushback was loud. Whether it was right or wrong isn’t this post’s job to decide. The result, though, was clear: the slot for a free RHEL-compatible OS opened up.

Filling that slot — AlmaLinux and Rocky Linux #

Two projects rushed to fill it. Both are free distros aiming for 1:1 binary compatibility with RHEL.

AlmaLinux — started under the sponsorship of CloudLinux. Announced December 2020, first stable release March 2021. Today it’s run by a non-profit foundation.

Rocky Linux — started directly by Gregory Kurtzer, a co-founder of CentOS. The name comes from another co-founder, Rocky McGaugh. First stable release came in June 2021.

Both pull RHEL’s source RPMs, build them, and produce nearly identical artifacts. There’s effectively no technical difference. Policy, governance, and funding model differ a little. Plenty of companies in Korea, the US, and Europe migrated their old CentOS Linux footprint to one of these two.

2023 follow-up — In June 2023, Red Hat announced that RHEL source RPMs would no longer be published in the public git repo (git.centos.org); they’d only be available to paid subscribers. AlmaLinux and Rocky’s build pipelines wobbled briefly, but both adapted quickly by combining CentOS Stream + public patches, and both keep running smoothly today. AlmaLinux relaxed its policy slightly from “binary compatible” to “ABI compatible” (not a 1:1 build, but the same binary interface), while Rocky routes through cloud instance channels to legally obtain the source and stays 1:1.

Oracle Linux is in the same lane #

There’s also Oracle Linux, in a similar position. Oracle has shipped a RHEL-compatible distro since 2006. Free to download and use, with paid support sold separately. They also like to brag that Oracle DB runs best on it.

After the CentOS shake-up, Oracle saw their biggest marketing opportunity (“we’re not changing”) and picked up some workloads — especially environments where Oracle DB sits next to the OS. In the Korean market, though, AlmaLinux and Rocky are the more common choices.

One table to compare them #

Putting everything above into a single table:

DistroRoleRelease cadenceSupport windowCostWho uses it
FedoraLab (upstream of upstream)6 months~13 monthsFreeDeveloper desktops, trying new things
CentOS StreamRHEL previewRolling~5 years (per major)FreeRHEL ISV certification, next-version validation
RHELProduct / de facto standard~3 years (major)10 years + ELS 4 yearsPaid (some free options)Enterprise, SLA environments
AlmaLinuxFree RHEL clone (ABI compatible)Tracks RHEL10 yearsFreeFormer CentOS workloads
Rocky LinuxFree RHEL clone (1:1 compatible)Tracks RHEL10 yearsFreeFormer CentOS workloads
Oracle LinuxRHEL-compatible + Oracle-friendlyTracks RHEL10 yearsFree / paidOracle DB environments, some enterprise

Three things to remember:

  1. Red Hat directly builds Fedora / CentOS Stream / RHEL — three of them.
  2. AlmaLinux and Rocky are free clones built from RHEL. Their commands and behavior are effectively identical to RHEL.
  3. Oracle Linux is in the same lane, but built and run by Oracle.

Anything in this series that says “RHEL does X” also applies to AlmaLinux / Rocky / Oracle Linux essentially without change. SELinux configuration, dnf commands, the shape of systemd, the layout of /etc — all the same.

How to get hold of RHEL #

Plenty of people only know “RHEL is paid,” but there are actually several legitimate, free ways for individuals to use it.

Red Hat Developer Subscription (free for individuals) #

The free developer subscription Red Hat runs. Sign up at developers.redhat.com and you’re done.

  • Free
  • Up to 16 physical/virtual machines per account
  • For personal learning, development, and testing — not production
  • You get the same security patches

This series assumes you’re using this subscription. We’ll do the sign-up and the first registration (subscription-manager register) together in #2.

On the cloud #

AWS / Azure / GCP all offer hourly-billed RHEL images. A few cents per hour gets added on top as the OS cost — no separate contract needed, you can spin up RHEL on demand. This is the most common way to run it in production.

If your company already has a RHEL subscription, you can also bring it onto a cloud instance via BYOS (Bring Your Own Subscription). Same OS, different pricing model.

For business — proper subscription #

Production needs a real subscription. Pricing is annual, on a per-socket / per-VM / per-node basis. The details belong to your sales team; this series stops at the sign-up.

The other path — you don’t have to install RHEL itself #

If learning is the goal, installing AlmaLinux or Rocky works just as well. Every command below behaves identically:

Same commands, all three distros
sudo dnf install nginx
sudo systemctl enable --now nginx
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

If you’re following this series and RHEL feels too heavy, install AlmaLinux or Rocky instead. The differences are negligible. RHCSA / RHCE prep also works fine on either OS once you have the basics down.

RHEL 9 — what does it look like? #

A quick preview of the major characteristics of RHEL 9 that this series covers. Each one gets its own deep dive later.

AreaRHEL 9’s choiceIn which post
Package managementdnf (yum rewritten in Python)#3
Package catalogAppStream (modular second repo)#3
Service managementsystemd (single PID 1)#4
Logsjournald + journalctl#4
Permission modelusers/groups + sudo + SELinux (Enforcing by default)#5, deeper in intermediate
Default filesystemXFS (ext4 also supported)#6
Firewallfirewalld (abstraction over iptables)#7
ContainersPodman / Buildah / Skopeo (no Docker daemon)Intermediate
NetworkingNetworkManager + nmcliIntermediate

Where it differs most from Ubuntu:

  • aptdnf — the most common difference. Half your command dictionary changes here.
  • ufwfirewalld — different firewall abstraction. RHEL thinks in zones.
  • SELinux Enforcing by default — Ubuntu uses AppArmor as a supplementary layer; RHEL enforces SELinux from day one. About half of “why won’t nginx bind to port 80?” questions are SELinux label problems.
  • dockerpodman — RHEL doesn’t ship a Docker daemon (since RHEL 8). Podman is the daemonless drop-in with the same command set. If you know Docker, you know Podman.

Common misconceptions #

“Isn’t RHEL old / conservative?” #

Partly true. RHEL prioritizes proven stability, so kernel and language versions are usually 1–2 years behind whatever’s in Fedora at the same moment. But AppStream (#3) lets you pick newer versions of Python, Node, PostgreSQL, etc. as modules. “Stable OS, but Python and DB on a recent release” is achievable.

“CentOS died — won’t RHEL be next?” #

CentOS Linux died, but the decision actually strengthened RHEL itself. With the free clone gone, paid subscription revenue went up (which was the whole point of the IBM acquisition), and AlmaLinux / Rocky stepped into the compatibility slot — so the RHEL-compatible ecosystem is intact. RHEL’s own 10-year lifecycle promise hasn’t moved.

“Do I really need RHEL in production?” #

For small teams, modern cloud workloads, or container shops — Ubuntu / Amazon Linux usually fit better. RHEL earns its place where long-term guarantees, compliance, or vendor certification are at stake. Look at where you actually work and decide from there.

“If I only know RHEL, can I work on Ubuntu too?” #

Yes. 70–80% transfers directly. dnfapt, firewalldufw, SELinux ↔ AppArmor are the commands that diverge; systemd, directory layout, user permissions, networking, SSH all behave the same way. After this series, sitting in front of an Ubuntu server shouldn’t throw you.

What this series covers — and what it doesn’t #

This series (Basics, 7 posts) gets you to the level where you can run a single RHEL machine on your own. Install it, manage packages, run services, create users, attach a disk, lock down a firewall — that’s the scope.

What’s left for later series:

TopicSeries
Deep SELinux, LVM, Stratis, NFS, NetworkManagerRHEL Intermediate
Boot / kernel tuning / performance / OpenSCAPRHEL Advanced
Web / DB / Podman ops, Cockpit, Ansible automationRHEL Practice
RHCSA (EX200) certificationRHCSA series
RHCE (EX294) certification — Ansible automationRHCE series

Even just finishing this series leaves you comfortable enough to SSH into a corporate server without flinching.

Wrap-up #

The picture from this post:

  • Linux splits into Debian-family (.deb / apt) and Red Hat-family (.rpm / dnf). This series covers the latter.
  • Enterprise Linux isn’t an OS — it’s a bundle of 10-year guarantees, certifications, and 24/7 support. That’s why it’s a separate thing.
  • Red Hat directly builds Fedora (lab) / CentOS Stream (preview) / RHEL (product). The arrow goes Fedora → Stream → RHEL.
  • The 2020 CentOS Linux EOL opened the slot for a free RHEL clone, and AlmaLinux + Rocky Linux filled it. Their commands and behavior match RHEL essentially identically. Oracle Linux sits in the same lane.
  • Individuals can use the Red Hat Developer Subscription to run RHEL on up to 16 machines for free. If that feels heavy, AlmaLinux / Rocky behaves the same way.
  • The RHEL 9 stackdnf + AppStream / systemd / SELinux Enforcing / XFS / firewalld / Podman. The Ubuntu differences live mostly in those few items.
  • And most importantly: everything in this series applies to AlmaLinux / Rocky / Oracle Linux unchanged.

Next — RHEL 9 install and first login #

Now that you’ve got the map, it’s time to put a real RHEL machine on the table.

#2 Setup — RHEL 9 install, Subscription Manager, first login covers (1) two ways to get the RHEL 9 ISO, (2) installing into a VM via UTM / VirtualBox / VMware, (3) walking through the Anaconda installer, (4) first registration with subscription-manager register, and (5) the small post-install fixes (timezone, hostname, first user) — all in one go. If you’re following along on AlmaLinux / Rocky, the differences are flagged so you can stay on the same path.

X