Sandboxing

JetStream servers can restrict a user’s activity to a specific location in the file system, or sandbox. Sandboxes can be used to isolate users, or limit them to only specific resources.

Sandboxing can be setup to:
  • Restrict all users to a specific resource (eg. /storage)

  • Restrict users to a user-specific location (eg. user’s home directory)

  • Give specific user access to a resource (eg. only userA can access /storage/data)

  • Give users a list of accessible resources (eg. /storage/common-fles, and user’s home directory)

Warning

If a sandbox is not specified, access to whole system root (/) is assumed. On Windows, a server without a specified sandbox will give users the ability to see all physical drives attached to the system.

Tip

Sandboxing can be managed with a graphical user-interface using the Client Application.

Tip

Sandboxing status of a server can be determined by either calling the getServerInfo() (see jetstream-api:structure-server-info) API call, or by listing the sandboxes using getSandboxMappings() (requires superuser privileges) API call.

Topics