The File sandbox type can be used for sandboxing users to filesystem paths. It has one required parameter, path, which is the path in the filesystem where the users will be sandboxed to.

On Windows, sandbox paths can point to other servers or shares using UNC paths. For example: \\server\\share\\directory. Users’ crdentialls will be passed through to authenticate against \\server\\share.

For convenience, File sandbox configuration can be simplified into just a path. See Simplified form example.

Configuration Options

Type of the sandbox. For File type, set to File.
Path where user should be sandboxed.

On Windows, additional parameters can be specified to authenticate against a share with specific credentials:

Username to use for authentication
Password to use for authentication
Share to authenticate against.


When specifying shareName, the path parameter must include the share name that JetStream authenticates against. See Windows Shares With Specific Credentials example.


When specifying path for system sandbox or global sandbox, placeholders can be used to represent dynamic values. The valid placeholders are:

Placeholder Replaced with
%u Username
%d Domain
%f Full username [1]
%% %
[1]Full username may include \ or @. Platform dependent.


Path placeholders are also supported in the simplified form.


Simplified form

To sandbox all users into /data directory using the command line:

[email protected]# jetstream server --sandbox-dir /data

The equivalent of the above example using the API:

> api.server.setSandboxMapping("", {"": "/data"})

The equivalent of the above examples using the full File notation would be:

> api.server.setSandboxMapping("", {"": { "type": "File", "path": "/data"}})


> api.server.setSandboxMapping("", {"": { "type": "File", "path": "/home/%u"}})

Windows Shares

To access windows shares with the credentials of the user that connects to the JetStream server, use the following configuration:

>>> api.server.setSandboxMapping('', {
    "": {
        'type': 'File',
        'path': r'\\server\share\users\%u',

When userA connects to the JetStream server, the userA’s credentials will be used to authenticate against the \\server\share.

Windows Shares With Specific Credentials

To use the username data_sandbox to authenticate against a \\server\share regardless of who connects to the JetStream server:

>>> api.server.setSandboxMapping('', {
    "": {
        'type': 'File',
        'path': r'\\server\share\users\%u',
        'userName': r'data_sandbox',
        'password': 'secret',
        'shareName': r'\\server\share'