1.4.4 Permitted Paths

The [Permitted Paths] section contains a list of directories which are specifically allowed for either reading or reading and writing. These paths are only used when the setting for [File I/O Security] is either read-only or restricted.

Directories that are only allowed for reading are added with read=directory. For allowing reading and writing use read+write=directory.

If [File I/O Security] is set to read-only, any directory can be used to read in a file, and read+write entries must specify which directories are allowed for writing.

If [File I/O Security] is set to restricted, reading and writing is allowed only in the directories given by the read and read+write entries.

If the directory name contains spaces it has to be quoted or doubly-quoted. There can be spaces before and after the equal sign. Read-only and read/write entries can be specified in any order.

If you want the permissions for a specified directory to also extend to all of its subdirectories you have to add a * (like read*=directory or read+write*=directory).

Both relative and absolute paths are permitted (making . especially useful). The install directory (typically /usr/local/share/povray-3.6 or /usr/share/povray-3.6) can be specified with %INSTALLDIR%, the user home directory with %HOME%. The install directory and its descendents are typically only writable by root; therefore it does not make sense to have %INSTALLDIR% in read/write directory paths.

Note: Since user-level permissions are at least as strict as system-level restrictions, any paths specified in the system-wide povray.conf will also need to be specified in ~/.povray/3.6/povray.conf if this file exists.

1.4.4.1 Examples for path settings

[Permitted Paths]
read=%INSTALLDIR%

would permit reading from the directory where the POV-Ray supplementary files are installed.

Note that the installdir location does not relate to where the binary is run from - it relates to the information defined at compile-time. Relative paths are legal as well, and will be resolved only once at load time (but relative to the current directory, not the installdir). For example, a relative path like the following ...

[Permitted Paths]
read+write=../output

would be resolved with relation to the current directory at the time POV-Ray for Unix was started, so if you started povray while in the directory ~/myscenes/newscene, then the above path would be resolved as ~/myscenes/output. Please note that the actual location of the povray binary is not relevent here - it is the current directory that matters (which is typically not that of the program).