POV-Ray : Documentation : 5.4.4 Permitted Paths
  POV-Ray 3.6 Documentation Online View  
5.4.3 Shellout Security Examples for path settings

5.4.4 Permitted Paths

The [Permitted Paths] section contains a list of directories which are specifically allowed for either reading or reading and writing. These paths are only used when the setting for [File I/O Security] is either read-only or restricted.

Directories that are only allowed for reading are added with read=directory. For allowing reading and writing use read+write=directory.

If [File I/O Security] is set to read-only, any directory can be used to read in a file, and read+write entries must specify which directories are allowed for writing.

If [File I/O Security] is set to restricted, reading and writing is allowed only in the directories given by the read and read+write entries.

If the directory name contains spaces it has to be quoted or doubly-quoted. There can be spaces before and after the equal sign. Read-only and read/write entries can be specified in any order.

If you want the permissions for a specified directory to also extend to all of its subdirectories you have to add a * (like read*=directory or read+write*=directory).

Both relative and absolute paths are permitted (making . especially useful). The install directory (typically /usr/local/share/povray-3.6 or /usr/share/povray-3.6) can be specified with %INSTALLDIR%, the user home directory with %HOME%. The install directory and its descendents are typically only writable by root; therefore it does not make sense to have %INSTALLDIR% in read/write directory paths.

Note: Since user-level permissions are at least as strict as system-level restrictions, any paths specified in the system-wide povray.conf will also need to be specified in ~/.povray/3.6/povray.conf if this file exists.

5.4.3 Shellout Security Examples for path settings

Copyright 2003-2004 Persistence of Vision Raytracer Pty. Ltd.