Parsec can be built and installed as a Linux daemon using systemd. The daemon is a systemd user
daemon run by the
parsec user. Some manual steps are needed to make sure that permissions are set
up correctly so that Parsec is installed respecting the operational mitigations of our threat
model. Currently, Parsec does not support
integration with any Identity Provider. More installation methods will be added in the future when
new identity providers/authenticators are supported.
If your Linux system uses systemd to manage daemons, you can follow these steps.
can be a space or comma-separated subset of:
tpm-provider. Choose the providers you want to install depending on what is available on the
sudo useradd -m parsec sudo passwd parsec
Create the following Parsec directories, with good permissions:
/var/lib/parsecfor storing persistent data like the
/etc/parsecto contain the configuration file.
/usr/libexec/parsecto contain the
parsecexecutable binary file.
/run/parsecto contain the socket file. The
parsec-clientsgroup needs to be created. Mutually trusted Parsec Clients will need to be in that group.
sudo mkdir /var/lib/parsec sudo chown parsec /var/lib/parsec sudo chmod 700 /var/lib/parsec sudo mkdir /etc/parsec sudo chown parsec /etc/parsec sudo chmod 700 /etc/parsec sudo mkdir /usr/libexec/parsec sudo chown parsec /usr/libexec/parsec sudo chmod 700 /usr/libexec/parsec sudo groupadd parsec-clients sudo mkdir /run/parsec sudo chown parsec:parsec-clients /run/parsec sudo chmod 750 /run/parsec
For example, adding the imaginary
parsec-client-1 user to the
sudo usermod -a -G parsec-clients parsec-client-1
Users just added to that group might need to log-out and log-in again to make sure the change apply.
They can also try the
newgrp command with no parameters to re-initialize their environment.
Log in to
su --login parsec
Depending on which features of Parsec the
parsec user is going to use, it might need to be given
more privileges in order to access some resources on the system. Refer to the
Providers page for more information.
In its home directory, clone and compile Parsec. If a Rust toolchain is not available widely on the system, it will need to be installed for that specific user.
Below is an example with Parsec 0.5.0, update with the version you want!
git clone --branch 0.5.0 https://github.com/parallaxsecond/parsec cargo build --manifest-path parsec/Cargo.toml --features $DESIRED_FEATURES --release cp parsec/target/release/parsec /usr/libexec/parsec
Adapt and copy the configuration you want to use.
cp parsec/config.toml /etc/parsec/config.toml
Install the systemd unit files and activate the Parsec socket.
mkdir -p ~/.config/systemd/user cp -r parsec/systemd-daemon/parsec.service ~/.config/systemd/user systemctl --user enable parsec systemctl --user start parsec
Check the Parsec logs with:
journalctl --user -u parsec
Also reload the service with:
systemctl --user kill -s HUP parsec
parsec-clients users can now use Parsec! You can test it (having logged in a
user) by installing the
$ parsec-tool ping [INFO] Pinging Parsec service... [SUCCESS] Service wire protocol version is 1.0.
Note: if you encounter a "Permission Denied" error while executing the end-to-end tests, make sure
that the group change has taken effect. You can check it by calling
groups with no arguments. If
you do not see
parsec-clients, please try logging the user out and in again to apply the change.
Copyright 2019 Contributors to the Parsec project.