The js-io-rights.conf file contains rules that permit write access to defined directories in the server file system.

Mandatory Content of the js-io-rights.conf File

Each line of the js-io-rights.conf file must contain the following information.

  • A plus (+) or minus (-) sign to indicate whether rights are permitted or denied

  • The read (r), write (w), and execute (x) levels of rights

  • The path on which to apply the rights

Default Content of the js-io-rights.conf File

The default content of the js-io-rights.conf configuration file in the Orchestrator Appliance is as follows:

-rwx /
+rwx /var/run/vco
-rwx /etc/vco/app-server/security/
+rx /etc/vco
+rx /var/log/vco/

The first two lines in the default js-io-rights.conf configuration file allow the following access rights:

-rwx /

All access to the file system is denied.

+rwx /var/run/vco

Read, write, and execute access is permitted in the /var/run/vco directory.

Rules in the js-io-rights.conf File

Orchestrator resolves access rights in the order they appear in the js-io-rights.conf file. Each line can override the previous lines.

Important:

You can permit access to all parts of the file system by setting +rwx / in the js-io-rights.conf file. However, doing so represents a high security risk.