Running agent and server on same machine
Answered
The documentation states: "This is not a recommended setup for production purposes because of security concerns..."
But I can't figure out why it is a security concert to run agents and server on same machine. Can you elaborate on that in more detail?
Please sign in to leave a comment.
Hello!
The security concern involved with server and agent processes being ran on the same machine is more about the internal security (users not permissioned to access certain resources may take over the server). Suppose a case where server and agent are running under the same user (or agent process identity may access the TeamCity server home/data directories). In this case, you may modify or read TeamCity configuration using a custom command line script from the agent side - so potentially this will expose the server configuration to any TeamCity user who is permissioned to modify build configurations and run them.
You may find this checklist (https://www.jetbrains.com/help/teamcity/2020.1/how-to.html?#HowTo...-Additionalsecurity-relatedsettings) helpful; in particular, the above case is covered by ensuring agent and server processes are running with the minimal required permissions.
Please let me know if there is anything else I could assist with.