1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
<!-- This file copyright Persistence of Vision Raytracer Pty. Ltd. 2003-2004 -->
<html>
<head>
<!-- NOTE: In order to users to help find information about POV-Ray using -->
<!-- web search engines, we ask you to *not* let them index documentation -->
<!-- mirrors because effectively, when searching, users will get hundreds -->
<!-- of results containing the same information! For this reason, the two -->
<!-- meta tags below disable archiving and indexing of this page by all -->
<!-- search engines that support these meta tags. -->
<meta content="noarchive" name="robots">
<meta content="noindex" name="robots">
<meta content="no-cache" http-equiv="Pragma">
<meta content="0" http-equiv="expires">
<title>1.4.4 Permitted Paths</title>
<link href="povray35.css" rel="stylesheet" type="text/css">
</head>
<body>
<table class="NavBar" width="100%">
<tr>
<td align="left" nowrap="" valign="middle" width="32">
<a href="s_26.html"><img alt="previous" border="0" src="prev.png"></a>
</td>
<td align="left" valign="middle" width="30%">
<a href="s_26.html">1.4.3 Shellout Security</a>
</td>
<td align="center" valign="middle">
<strong class="NavBar">POV-Ray 3.6 for UNIX documentation</strong><br> <strong>1.4.4
Permitted Paths</strong>
</td>
<td align="right" valign="middle" width="30%">
<a href="s_28.html">1.4.5 Example configuration file</a>
</td>
<td align="right" nowrap="" valign="middle" width="32">
<a href="s_28.html"><img alt="next" border="0" src="next.png"></a>
</td>
</tr>
</table>
<h3><a name="s01_04_04">1.4.4 </a>Permitted Paths</h3>
<p>
The <code>[Permitted Paths]</code> section contains a list of directories which are specifically allowed for either
reading or reading and writing. These paths are only used when the setting for <code>[File I/O Security]</code> is
either <code>read-only</code> or <code>restricted</code>.
</p>
<p>
Directories that are only allowed for reading are added with <code>read=directory</code>. For allowing reading and
writing use <code>read+write=directory</code>.
</p>
<p>
If <code>[File I/O Security]</code> is set to <code>read-only</code>, any directory can be used to read in a file,
and <code>read+write</code> entries must specify which directories are allowed for writing.
</p>
<p>
If <code>[File I/O Security]</code> is set to <code>restricted</code>, reading and writing is allowed <em>only</em>
in the directories given by the <code>read</code> and <code>read+write</code> entries.
</p>
<p>
If the directory name contains spaces it has to be quoted or doubly-quoted. There can be spaces before and after
the equal sign. Read-only and read/write entries can be specified in any order.
</p>
<p>
If you want the permissions for a specified directory to also extend to all of its subdirectories you have to add a <code>*</code>
(like <code>read*=directory</code> or <code>read+write*=directory</code>).
</p>
<p>
Both relative and absolute paths are permitted (making <code>.</code> especially useful). The install directory
(typically <code>/usr/local/share/povray-3.6</code> or <code>/usr/share/povray-3.6</code>) can be specified with <code>%INSTALLDIR%</code>,
the user home directory with <code>%HOME%</code>. The install directory and its descendents are typically only
writable by root; therefore it does not make sense to have <code>%INSTALLDIR%</code> in read/write directory paths.
</p>
<p class="Note">
<strong>Note:</strong> Since user-level permissions are at least as strict as system-level
restrictions, any paths specified in the system-wide <code>povray.conf</code> will also need to be specified in <code>~/.povray/3.6/povray.conf</code>
if this file exists.
</p>
<h4><a name="s01_04_04_01">1.4.4.1 </a>Examples for path settings</h4>
<p>
</p>
<pre>[Permitted Paths]
read=%INSTALLDIR%
</pre>
<p>
would permit reading from the directory where the POV-Ray supplementary files are installed.
</p>
<p>
Note that the installdir location does not relate to where the binary is run from - it relates to the information
defined at compile-time. Relative paths are legal as well, and will be resolved only once at load time (but relative
to the current directory, not the installdir). For example, a relative path like the following ...
</p>
<p>
</p>
<pre>[Permitted Paths]
read+write=../output
</pre>
<p>
would be resolved with relation to the <em>current directory at the time POV-Ray for Unix was started</em>, so if
you started povray while in the directory <code>~/myscenes/newscene</code>, then the above path would be resolved as <code>~/myscenes/output</code>.
Please note that the actual location of the povray binary is not relevent here - it is the current directory that
matters (which is typically not that of the program).
</p>
<br>
<table class="NavBar" width="100%">
<tr>
<td align="left" nowrap="" valign="middle" width="32">
<a href="s_26.html"><img alt="previous" border="0" src="prev.png"></a>
</td>
<td align="left" valign="middle" width="30%">
<a href="s_26.html">1.4.3 Shellout Security</a>
</td>
<td align="center" valign="middle">
<strong>1.4.4 Permitted Paths</strong>
</td>
<td align="right" valign="middle" width="30%">
<a href="s_28.html">1.4.5 Example configuration file</a>
</td>
<td align="right" nowrap="" valign="middle" width="32">
<a href="s_28.html"><img alt="next" border="0" src="next.png"></a>
</td>
</tr>
</table>
</body> </html>
|
