
Migrating to v15 on Linux

Pluton v15 changes Linux server and AppImage installs to a least-privilege runtime. The installer still needs sudo, but the running service now uses the dedicated non-root pluton system user.

During upgrade, the installer creates the pluton user and group if needed, updates ownership for /var/lib/pluton/ and /etc/pluton/, and installs /usr/bin/pluton-helper for narrow elevated operations. After upgrading, review the permission changes below for any local destinations, scripts, or full-system rescue backup plans you already use.


Local Backup Destinations

If a backup plan stores data in a local destination, mounted path, external drive, or another directory outside /var/lib/pluton, the pluton user must be able to write there.

On Debian/Ubuntu systems, install ACL support if needed and grant recursive access:

sudo apt update && sudo apt install acl -y
sudo setfacl -R -m u:pluton:rwx,d:u:pluton:rwx /path/to/pluton-backups

Replace /path/to/pluton-backups with the actual backup destination. The d:u:pluton:rwx entry gives new files and directories the same default access.

You can verify access with:

sudo -u pluton test -w /path/to/pluton-backups && echo "pluton can write"

User Scripts

Normal backup plan scripts now run as the pluton user. If a script does not need root privileges, make sure the pluton user can read and execute it:

sudo chown pluton:pluton /usr/local/libexec/pluton-hooks/pre-backup.sh
sudo chmod 750 /usr/local/libexec/pluton-hooks/pre-backup.sh

If a script does need root privileges, enable root execution for that script in the plan settings and add an explicit sudoers rule for the exact script path:

sudo tee /etc/sudoers.d/pluton-helper-scripts >/dev/null <<'EOF'
pluton ALL=(root) NOPASSWD: /usr/bin/pluton-helper run-script /usr/local/libexec/pluton-hooks/pre-backup-root.sh
EOF
sudo chmod 440 /etc/sudoers.d/pluton-helper-scripts
sudo visudo -c -f /etc/sudoers.d/pluton-helper-scripts

Use one sudoers line per root script. Avoid broad wildcards for hook scripts.
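
The following check is an added example, not part of Pluton or its documentation. It audits a run-script drop-in such as /etc/sudoers.d/pluton-helper-scripts and flags wildcard paths and hook scripts that are missing, have the wrong owner, or are group- or world-writable. The function name audit_hook_rules and the requirement that root-run hooks be root-owned are assumptions of this example, and it relies on GNU stat.

```sh
# Audit a sudoers drop-in that holds pluton-helper run-script rules.
# Usage: audit_hook_rules SUDOERS_FILE [EXPECTED_OWNER]   (owner defaults to root)
# Prints one finding per line; exit status 0 means no findings.
# Assumption of this example: a hook that sudo runs as root should be
# root-owned and writable only by its owner.
audit_hook_rules() (
    file=$1 owner=${2:-root} rc=0
    while IFS= read -r line; do
        case $line in
            '#'*) continue ;;                               # sudoers comment
            *"/usr/bin/pluton-helper run-script "*) ;;      # rule to audit
            *) continue ;;
        esac
        script=${line##*run-script }
        # A wildcard makes the rule match scripts nobody reviewed.
        case $script in
            *\**|*\?*|*\[*) echo "WILDCARD $script"; rc=1; continue ;;
        esac
        if [ ! -f "$script" ]; then
            echo "MISSING $script"; rc=1; continue
        fi
        # The script and its directory must belong to the expected owner and
        # must not be group- or world-writable; otherwise the service account
        # could change what sudo runs as root.
        for p in "$script" "$(dirname "$script")"; do
            set -- $(stat -c '%U %A' "$p")   # GNU stat: owner, then mode string
            [ "$1" = "$owner" ] || { echo "OWNER $p is $1, expected $owner"; rc=1; }
            case $2 in
                ?????w*|????????w*) echo "WRITABLE $p has mode $2"; rc=1 ;;
            esac
        done
    done < "$file"
    exit "$rc"
)
```

Reading files under /etc/sudoers.d requires root, so run the function from a root shell.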


ReaR Rescue Backups

Pluton PRO full Linux system backups use ReaR. Because ReaR reads block devices, checks layouts, and creates bootable rescue media, it still needs root access through pluton-helper.

If you use full-system rescue backups, add these sudoers rules:

sudo tee /etc/sudoers.d/pluton-helper-rear >/dev/null <<'EOF'
pluton ALL=(root) NOPASSWD: /usr/bin/pluton-helper run-rear mkbackup --config /var/lib/pluton/config/rear-config-*.conf --tmpdir *
pluton ALL=(root) NOPASSWD: /usr/bin/pluton-helper run-rear mkbackuponly --config /var/lib/pluton/config/rear-config-*.conf --tmpdir *
pluton ALL=(root) NOPASSWD: /usr/bin/pluton-helper run-rear checklayout --config /var/lib/pluton/config/rear-config-*.conf --tmpdir *
EOF
sudo chmod 440 /etc/sudoers.d/pluton-helper-rear
sudo visudo -c -f /etc/sudoers.d/pluton-helper-rear

These rules are only needed for ReaR rescue backups. Regular file backups and sync backups do not need the ReaR sudoers entries.


After Migration Checks

Run these checks after upgrading:

sudo systemctl status pluton
id pluton
ls -ld /var/lib/pluton /etc/pluton
getcap /usr/bin/pluton-helper

Expected results:

  • pluton service is running.
  • id pluton shows the dedicated system user.
  • /var/lib/pluton and /etc/pluton are owned by pluton:pluton.
  • /usr/bin/pluton-helper has cap_chown, cap_dac_override, and cap_fowner capabilities.

If backups fail after migration, check whether the failed plan writes to a local path or runs a script that previously depended on the service running as root.