Sandboxing

JetStream servers can restrict a user’s activity to a specific location in the file system, or sandbox. Sandboxes can be used to isolate users, or limit them to only specific resources.

Sandboxing can be setup to:

• Restrict all users to a specific resource (eg. /storage)

• Restrict users to a user-specific location (eg. user’s home directory)

• Give specific user access to a resource (eg. only userA can access /storage/data)

• Give users a list of accessible resources (eg. /storage/common-fles, and user’s home directory)

Warning

If a sandbox is not specified, access to whole system root (/) is assumed. On Windows, a server without a specified sandbox will give users the ability to see all physical drives attached to the system.

Tip

Sandboxing can be managed with a graphical user-interface using the Client Application.

Tip

Sandboxing status of a server can be determined by either calling the getServerInfo() (see jetstream-api:structure-server-info) API call, or by listing the sandboxes using getSandboxMappings() (requires superuser privileges) API call.

Topics

• Basic Sandboxing
• Advanced Sandboxing
• Sandbox Types