Sandboxing
The JetStream server can restrict a user's activity to a specific location in the file system, called a sandbox. Sandboxes can be used to isolate users from one another, or to limit them to specific resources.
Sandboxing can be set up to:
- Restrict all users to a specific resource (e.g. /storage)
- Restrict users to a user-specific location (e.g. the user's home directory)
- Give a specific user access to a resource (e.g. only userA can access /storage/data)
- Give users a list of accessible resources (e.g. /storage/common-fles, and the user's home directory)
Warning
If a sandbox is not specified, access to the whole system root (/) is assumed. On Windows, a server without a specified sandbox will give users the ability to see all physical drives attached to the system.
Tip
The sandboxing status of a server can be determined either by calling the getServerInfo() API call (see Server Information Structure), or by listing the sandboxes using the getSandboxMappings() API call (requires superuser privileges).
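The four setups listed above and the no-sandbox default, as a simplified model of how a requested path can be checked against sandbox roots. This is an added example, not JetStream code or its API; the config keys (all_users, per_user, home_template), the function names, and the deny-when-unmatched rule are assumptions of the model.

```python
import posixpath

def sandbox_roots(user, config):
    """Return the roots `user` may reach under a constructed config dict."""
    shared = config.get("all_users", [])
    own = config.get("per_user", {}).get(user, [])
    home = config.get("home_template")
    if not shared and not config.get("per_user") and not home:
        return ["/"]  # no sandbox specified: whole system root is assumed
    roots = list(shared) + list(own)
    if home:
        roots.append(home.format(user=user))
    # Assumption of this model: a user with no matching root gets no access.
    return [posixpath.normpath(r) for r in roots]

def is_inside(path, root):
    """True if `path` is `root` or lies below it, after collapsing '.' and '..'."""
    if not path.startswith("/"):
        return False  # relative paths are rejected rather than guessed at
    path = posixpath.normpath(path)
    if root == "/":
        return True
    # Compare whole components so /storage/data does not match /storage/database.
    return path == root or path.startswith(root + "/")

def may_access(user, path, config):
    """Check a requested absolute path against every root that applies to `user`."""
    return any(is_inside(path, root) for root in sandbox_roots(user, config))

# Constructed sample configurations, one per case in the list above.
ALL_USERS = {"all_users": ["/storage"]}
HOME_ONLY = {"home_template": "/home/{user}"}
ONE_USER = {"per_user": {"userA": ["/storage/data"]}}
RESOURCE_LIST = {"all_users": ["/storage/common-fles"],
                 "home_template": "/home/{user}"}
NO_SANDBOX = {}

if __name__ == "__main__":
    for cfg, user, path in [
        (ALL_USERS, "userB", "/storage/../etc/passwd"),
        (ONE_USER, "userB", "/storage/data/report.txt"),
        (NO_SANDBOX, "userB", "/etc/passwd"),
    ]:
        print(user, path, may_access(user, path, cfg))
```

The comparison is purely lexical: a symbolic link inside a sandbox that points outside it is not detected by this model and would need the path resolved on the server before the check.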
Topics