JetStream servers can restrict a user’s activity to a specific location in the file system, or sandbox. Sandboxes can be used to isolate users, or limit them to only specific resources.
- Sandboxing can be setup to:
Restrict all users to a specific resource (eg.
Restrict users to a user-specific location (eg. user’s home directory)
Give specific user access to a resource (eg. only
Give users a list of accessible resources (eg.
/storage/common-fles, and user’s home directory)
If a sandbox is not specified, access to whole system root (
/) is assumed. On Windows, a server without a specified sandbox will give users the ability to see all physical drives attached to the system.
Sandboxing can be managed with a graphical user-interface using the Client Application.
Sandboxing status of a server can be determined by either calling the
getServerInfo() (see Server Information Structure) API call, or by listing the sandboxes using
getSandboxMappings() (requires superuser privileges) API call.