Skip to content
DevOps devops linux-admin 5 min read

Installing Software (apt, snap, deb)

On Ubuntu there is rarely just one way to install a program — there are four common ones, and picking the right one saves you a lot of pain later. This page walks through apt (the default package manager), Snap packages, manual .deb files, and PPAs (extra software sources). Knowing the trade-offs matters because the wrong choice can leave you with an outdated app, a broken update, or a security hole. By the end you’ll know which method to reach for in each situation.

First, some vocabulary. A package is a single bundled file that contains a program plus instructions on how to install it. A package manager is a tool that downloads packages, installs them, and tracks what depends on what so it can update or remove them cleanly. A repository (or “repo”) is an online server that hosts packages. Ubuntu comes pre-configured with official repositories.

apt — the default way

apt (Advanced Package Tool) is the standard package manager on Ubuntu and the one you should reach for first. It installs software from repositories that Ubuntu (and trusted third parties) maintain. The big advantage is that packages are tested to work together, and a single command keeps everything up to date.

sudo apt update
sudo apt install nginx

Output:

Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
  nginx nginx-common nginx-core
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 612 kB of archives.
Setting up nginx (1.24.0-2ubuntu7) ...

sudo apt update refreshes the local list of what’s available (it does not install anything). sudo apt install then fetches and installs the package and anything it depends on. To remove it later:

sudo apt remove nginx          # remove the program, keep config files
sudo apt purge nginx           # remove the program AND its config files
sudo apt autoremove            # clean up dependencies nothing else needs

When to use it: almost always. It’s the lightest, best-integrated, and most secure option for server software like nginx, postgresql, or git.

When NOT to use it: when the version in Ubuntu’s repos is too old for your needs, or the software simply isn’t packaged there.

snap — sandboxed, self-contained packages

A Snap is a newer package format from Canonical (the company behind Ubuntu). A Snap bundles the app and all its libraries into one file, and runs it inside a sandbox (an isolated environment that limits what the app can touch on your system). This means Snaps work the same across Linux distributions and update automatically.

sudo snap install code --classic
snap list

Output:

code 1.98.0 installed
Name   Version  Rev    Tracking       Publisher   Notes
code   1.98.0   12345  latest/stable  vscode✓     classic
core22 20240... 1380   latest/stable  canonical✓  base

The --classic flag turns off the sandbox for apps (like editors) that need broad access to your files. To remove a Snap, run sudo snap remove code.

Snaps are heavier than apt packages because each one ships its own copy of shared libraries, and the auto-update behaviour can restart apps without warning. On a memory-tight production server, prefer apt.

When to use it: desktop apps, or when you need a very recent version that apt doesn’t have. The sandbox is a genuine security benefit.

When NOT to use it: lean servers, or anything where slower startup and extra disk use matter.

Manual .deb files with dpkg

Some vendors (Google Chrome, Slack, Zoom) ship a downloadable .deb file — the raw package format apt uses under the hood. You install it directly with dpkg (the low-level Debian package tool):

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo dpkg -i google-chrome-stable_current_amd64.deb
sudo apt install -f

Output:

Selecting previously unselected package google-chrome-stable.
Unpacking google-chrome-stable (124.0.6367.60-1) ...
dpkg: dependency problems prevent configuration of google-chrome-stable

dpkg -i (the -i means “install”) does not resolve dependencies on its own. If it reports missing dependencies, the follow-up sudo apt install -f (the -f means “fix broken”) pulls them in. Remove the app later with sudo apt remove google-chrome-stable.

When to use it: proprietary software offered only as a direct .deb download.

When NOT to use it: if the same app is in apt or as a Snap — those update automatically, while a manual .deb will not.

PPAs with add-apt-repository

A PPA (Personal Package Archive) is an extra repository hosted on Launchpad that you add to your system. Once added, the packages inside it behave like normal apt packages — including automatic updates. PPAs are popular for getting newer versions than Ubuntu ships.

sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php8.3

Output:

 PPA for PHP versions...
 More info: https://launchpad.net/~ondrej/+archive/ubuntu/php
Press [ENTER] to continue or Ctrl-c to cancel.

To remove a PPA you no longer want, use sudo add-apt-repository --remove ppa:ondrej/php.

A PPA can publish any package, including replacements for core system files. Only add PPAs from people or projects you trust — a malicious or careless PPA can break or compromise your whole system.

When to use it: trusted, well-known PPAs for newer software versions.

When NOT to use it: random PPAs from forum posts, or on production servers where stability beats freshness.

apt vs snap vs .deb vs PPA — quick comparison

MethodAuto-updatesSandboxedDisk/RAM costBest for
apt (repos)Yes (apt upgrade)NoLowMost server and CLI software
snapYes (automatic)Yes (usually)HighLatest versions, desktop apps
.deb + dpkgNo (manual)NoLowVendor-only downloads
PPAYes (apt upgrade)NoLowNewer versions from trusted sources

Best Practices

  • Try apt first — it’s the lightest, most secure, and best-integrated option on Ubuntu.
  • Always run sudo apt update before sudo apt install so you fetch the current package list.
  • Use apt purge plus apt autoremove to fully clean up software you no longer need.
  • Reserve manual .deb files for vendors that offer no repo, and remember to update them by hand.
  • Only add PPAs and .deb files from sources you trust — they run with full system access.
  • On lean production servers, avoid Snaps for background services because of the extra memory and disk overhead.
  • Periodically run snap list and apt list --installed to audit what’s on the machine.
Last updated June 15, 2026
Was this helpful?