JetStream server can restrict user’s activity to a specific location in the file system, or sandbox. Sandboxes can be used to isolate users, or limit them to only specific resources.


Running JetStream without sandboxing set up will give users full file system access. File access permissions will be honored.

Sandboxing can be setup to:
  • Restrict all users to a specific resource (eg. /storage)

  • Restrict users to a user-specific location (eg. user’s home directory)

  • Give specific user access to a resource (eg. only userA can access /storage/data)

  • Give users a list of accessible resources (eg. /storage/common-fles, and user’s home directory)

For more information about sandboxing, please refer to Sandboxing documentation.