1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; PERSISTENCE OF VISION RAY TRACER
;
; POV-Ray VERSION 3.7
;
; SAMPLE POVRAY.CONF FILE
; FOR I/O RESTRICTIONS SETTINGS
;
;
; The general form of the options is:
;
; [Section]
; setting
;
; Note: characters after a semi-colon are treated as a comment.
;
; This file is used primarily to define security settings, i.e. to
; restrict reading and writing of files and running of scripts beyond
; the security provided by the file system. Regardless of the settings
; in this file, POV-Ray will not allow users to read files they would
; not ordinarily be allowed to read, write files they would not
; ordinarily be allowed to write, or execute files they would not
; ordinarily be allowed to execute, unless someone has made the binary
; setuid or setgid.
;
; POV-Ray will look in two places for this file: in a system-wide directory
; (typically /usr/local/etc/povray/3.7/povray.conf or
; /etc/povray/3.7/povray.conf) and in the user's home
; directory (as ~/.povray/3.7/povray.conf). POV-Ray will always use the
; most strict version of what is specified; user settings can only make
; security more strict.
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; [File I/O Security] determines whether POV-Ray will be allowed to perform
; read-write operations on files. Specify one of the 3 following values:
; - "none" means that there are no restrictions other than those enforced
; by the file system, i.e. normal UNIX file and directory permissions.
; - "read-only" means that files may be read without restriction.
; - "restricted" means that files access is subject to restrictions as
; specified in the rest of this file. See the other variables for details.
[File I/O Security]
;none ; all read and write operations on files are allowed.
;read-only ; uses the "read+write" directories for writing (see below).
restricted ; uses _only_ "read" and "read+write" directories for file I/O.
; [Shellout Security] determines whether POV-Ray will be allowed to call
; scripts (e.g. Post_Frame_Command) as specified in the documentation.
; Specify one of the 2 following values:
; - "allowed" means that shellout will work as specified in the documentation.
; - "forbidden" means that shellout will be disabled.
[Shellout Security]
;allowed
forbidden
; [Permitted Paths] specifies a list of directories for which reading or
; reading + writting is permitted (in those directories and optionnally
; in their descendents). Any entry of the directory list is specified on
; a single line. These paths are only used when the file I/O security
; is enabled (i.e. "read-only" or "restricted").
;
; The list entries must be formatted as following:
; read = directory ; read-only directory
; read* = directory ; read-only directory including its descendents
; read+write = directory ; read/write directory
; read+write* = directory ; read/write directory including its descendents
; where directory is a string (to be quoted or doubly-quoted if it contains
; space caracters; see the commented example below). Any number of spaces
; can be placed before and after the equal sign. Read-only and read/write
; entries can be specified in any order.
;
; Both relative and absolute paths are possible (which makes "." particularly
; useful for defining the current working directory). The POV-Ray install
; directory (e.g. /usr/local/share/povray-3.7 or /usr/share/povray-3.7)
; can be specified with "%INSTALLDIR%". The install directory and its
; descendents are typically only writable by root; therefore you should not
; specify "%INSTALLDIR%" in read/write directory paths. The user home
; directory can be specified with "%HOME%".
;
; Note that since user-level restrictions are at least as strict as system-
; level restrictions, any paths specified in the system-wide povray.conf
; will also need to be specified in the user povray.conf file.
[Permitted Paths]
;read = "/this/directory/contains space caracters"
read* = %INSTALLDIR%/include
read* = /usr/share/doc/povray/examples
read* = /etc/povray
read* = %HOME%
read+write* = /tmp
read+write = .
|
