96 lines
4.2 KiB
Text
96 lines
4.2 KiB
Text
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
;
|
|
; PERSISTENCE OF VISION RAY TRACER
|
|
;
|
|
; POV-Ray VERSION 3.7
|
|
;
|
|
; SAMPLE POVRAY.CONF FILE
|
|
; FOR I/O RESTRICTIONS SETTINGS
|
|
;
|
|
;
|
|
; The general form of the options is:
|
|
;
|
|
; [Section]
|
|
; setting
|
|
;
|
|
; Note: characters after a semi-colon are treated as a comment.
|
|
;
|
|
; This file is used primarily to define security settings, i.e. to
|
|
; restrict reading and writing of files and running of scripts beyond
|
|
; the security provided by the file system. Regardless of the settings
|
|
; in this file, POV-Ray will not allow users to read files they would
|
|
; not ordinarily be allowed to read, write files they would not
|
|
; ordinarily be allowed to write, or execute files they would not
|
|
; ordinarily be allowed to execute, unless someone has made the binary
|
|
; setuid or setgid.
|
|
;
|
|
; POV-Ray will look in two places for this file: in a system-wide directory
|
|
; (typically /usr/local/etc/povray/3.7/povray.conf) and in the user's home
|
|
; directory (as ~/.povray/3.7/povray.conf). POV-Ray will always use the
|
|
; most strict version of what is specified; user settings can only make
|
|
; security more strict.
|
|
;
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
|
|
; [File I/O Security] determines whether POV-Ray will be allowed to perform
|
|
; read-write operations on files. Specify one of the 3 following values:
|
|
; - "none" means that there are no restrictions other than those enforced
|
|
; by the file system, i.e. normal UNIX file and directory permissions.
|
|
; - "read-only" means that files may be read without restriction.
|
|
; - "restricted" means that files access is subject to restrictions as
|
|
; specified in the rest of this file. See the other variables for details.
|
|
|
|
[File I/O Security]
|
|
;none ; all read and write operations on files are allowed.
|
|
;read-only ; uses the "read+write" directories for writing (see below).
|
|
restricted ; uses _only_ "read" and "read+write" directories for file I/O.
|
|
|
|
|
|
; [Shellout Security] determines whether POV-Ray will be allowed to call
|
|
; scripts (e.g. Post_Frame_Command) as specified in the documentation.
|
|
; Specify one of the 2 following values:
|
|
; - "allowed" means that shellout will work as specified in the documentation.
|
|
; - "forbidden" means that shellout will be disabled.
|
|
|
|
[Shellout Security]
|
|
;allowed
|
|
forbidden
|
|
|
|
|
|
; [Permitted Paths] specifies a list of directories for which reading or
|
|
; reading + writting is permitted (in those directories and optionnally
|
|
; in their descendents). Any entry of the directory list is specified on
|
|
; a single line. These paths are only used when the file I/O security
|
|
; is enabled (i.e. "read-only" or "restricted").
|
|
;
|
|
; The list entries must be formatted as following:
|
|
; read = directory ; read-only directory
|
|
; read* = directory ; read-only directory including its descendents
|
|
; read+write = directory ; read/write directory
|
|
; read+write* = directory ; read/write directory including its descendents
|
|
; where directory is a string (to be quoted or doubly-quoted if it contains
|
|
; space caracters; see the commented example below). Any number of spaces
|
|
; can be placed before and after the equal sign. Read-only and read/write
|
|
; entries can be specified in any order.
|
|
;
|
|
; Both relative and absolute paths are possible (which makes "." particularly
|
|
; useful for defining the current working directory). The POV-Ray install
|
|
; directory (e.g. /usr/local/share/povray-3.7 or /usr/share/povray-3.7)
|
|
; can be specified with "%INSTALLDIR%". The install directory and its
|
|
; descendents are typically only writable by root; therefore you should not
|
|
; specify "%INSTALLDIR%" in read/write directory paths. The user home
|
|
; directory can be specified with "%HOME%".
|
|
;
|
|
; Note that since user-level restrictions are at least as strict as system-
|
|
; level restrictions, any paths specified in the system-wide povray.conf
|
|
; will also need to be specified in the user povray.conf file.
|
|
|
|
[Permitted Paths]
|
|
;read = "/this/directory/contains space caracters"
|
|
read* = %INSTALLDIR%/include
|
|
read* = %INSTALLDIR%/scenes
|
|
read* = %INSTALLDIR%/../../etc
|
|
read* = %HOME%
|
|
read+write* = /tmp
|
|
read+write = .
|