Nicolas Calimet <pov### [at] freefr> wrote:
> > francesco@debian:~/tmp$ povray +W320 +H240 +Icolchicine.pov +Omonitor.tga
> > povray: /home/francesco/.povray/3.6/povray.conf: 2: the user setting 'none'
> > for [File I/O Security] is less restrictive than the system setting
> > 'restricted' in '/etc//povray/3.6/povray.conf'.  Using system setting.
> > povray: /home/francesco/.povray/3.6/povray.conf: 5: the user setting
> > 'allowed' for [Shellout Security] is less restrictive than the system
> > 'forbidden' setting in '/etc//povray/3.6/povray.conf'.  Using system
> > setting.
>
>  As explicitly said above, you are trying to use settings in your
> ~/.povray/3.6/povray.conf file that are less restrictive than those set in
> the system-wide /etc/povray/3.6/povray.conf file that is created when
> installing POV-Ray as root.  However, you cannot override security settings
> that the root defines for the non-privileged users...
>
> > povray: /home/francesco/.povray/3.6/povray.conf: user permitted paths are
> > ignored.  Using system paths.
>
>  ... hence POV-Ray decides to use the "safe" settings.
>
> > Illegal instruction
>
>  This, however, should not happen.  Most likely you are using a POV-Ray
> binary compiled for a platform with specific optimizations that are not
> available on your own platform.  I guess this is a problem with the Debian
> release (I'll check out and file a bug report if necessary).
>  Solution: download and install the official POV-Ray for Linux distribution
> (alternatively, you may also install the official source distribution).
>
>  - NC

Hi Nic:
On the basis of your comment I have tried another way, modifying my
/home/francesco/.povray/3.6/povray.conf as follows:
[File I/O Security]
;none
;read-only
restricted

[Shellout Security]
;allowed
forbidden


[Permitted Paths]
;read = "/this/directory/contains space caracters"
read* = /usr/share/povray/include
read* = /usr/share/povray/scenes
read* = /etc/povray/
read* = %HOME%
read+write* = /tmp
read+write  = .




i.e. by taking the configuration at the Debian installation of POV-Ray,
which seems to be about perfect, as follows:
PERSISTENCE OF VISION RAY TRACER
;
;                           POV-Ray VERSION 3.6
;
;                         SAMPLE POVRAY.CONF FILE
;                      FOR I/O RESTRICTIONS SETTINGS
;
;
; The general form of the options is:
;
; [Section]
; setting
;
; Note: characters after a semi-colon are treated as a comment.
;
; This file is used primarily to define security settings, i.e. to
; restrict reading and writing of files and running of scripts beyond
; the security provided by the file system.  Regardless of the settings
; in this file, POV-Ray will not allow users to read files they would
; not ordinarily be allowed to read, write files they would not
; ordinarily be allowed to write, or execute files they would not
; ordinarily be allowed to execute, unless someone has made the binary
; setuid or setgid.
;
; POV-Ray will look in two places for this file: in a system-wide directory
; (typically /usr/local/etc/povray/3.6/povray.conf) and in the user's home
; directory (as ~/.povray/3.6/povray.conf).  POV-Ray will always use the
; most strict version of what is specified; user settings can only make
; security more strict.
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


; [File I/O Security] determines whether POV-Ray will be allowed to perform
; read-write operations on files.  Specify one of the 3 following values:
; - "none" means that there are no restrictions other than those enforced
;   by the file system, i.e. normal UNIX file and directory permissions.
; - "read-only" means that files may be read without restriction.
; - "restricted" means that files access is subject to restrictions as
;   specified in the rest of this file.  See the other variables for
details.

[File I/O Security]
;none       ; all read and write operations on files are allowed.
;read-only  ; uses the "read+write" directories for writing (see below).
restricted  ; uses _only_ "read" and "read+write" directories for file I/O.


; [Shellout Security] determines whether POV-Ray will be allowed to call
; scripts (e.g. Post_Frame_Command) as specified in the documentation.
; Specify one of the 2 following values:
; - "allowed" means that shellout will work as specified in the
documentation.
; - "forbidden" means that shellout will be disabled.

[Shellout Security]
;allowed
forbidden


; [Permitted Paths] specifies a list of directories for which reading or
; reading + writting is permitted (in those directories and optionnally
; in their descendents).  Any entry of the directory list is specified on
; a single line.  These paths are only used when the file I/O security
; is enabled (i.e. "read-only" or "restricted").
;
; The list entries must be formatted as following:
;   read = directory      ; read-only directory
;   read* = directory        ; read-only directory including its descendents
;   read+write = directory   ; read/write directory
;   read+write* = directory  ; read/write directory including its
descendents
; where directory is a string (to be quoted or doubly-quoted if it contains
; space caracters; see the commented example below).  Any number of spaces
; can be placed before and after the equal sign.  Read-only and read/write
; entries can be specified in any order.
;
; Both relative and absolute paths are possible (which makes "."
particularly
; useful for defining the current working directory).  The POV-Ray install
; directory (e.g. /usr/local/share/povray-3.6 or /usr/share/povray-3.6)
; can be specified with "%INSTALLDIR%".  The install directory and its
; descendents are typically only writable by root; therefore you should not
; specify "%INSTALLDIR%" in read/write directory paths.  The user home
; directory can be specified with "%HOME%".
;
; Note that since user-level restrictions are at least as strict as system-
; level restrictions, any paths specified in the system-wide povray.conf
; will also need to be specified in the user povray.conf file.

[Permitted Paths]
;read = "/this/directory/contains space caracters"
read* = /usr/share/povray/include
read* = /usr/share/povray/scenes
read* = /etc/povray/
read* = %HOME%
read+write* = /tmp
read+write  = .


_________

However, there must be some other mistake from my side, because with neither
my colchicine.pov nor example.pov (the latter taken from internet) I got
povray working, as follows:
francesco@debian:~/tmp$ povray +W320 +H240 -H
/home/francesco/tmp/+Icolchicine.pov /home/francesco/tmp/+Ocolchicine.tga
Could not find file '/home/francesco/tmp/+Ocolchicine.tga'
Cannot open INI file '/home/francesco/tmp/+Ocolchicine.tga'.
Cannot process command-line due to a parse error.
This is not a valid command-line. Check the command-line for syntax errors,
correct them, and try again!
Valid command-line switches are explained in detail in the reference part of
the documentation.
To get a short list of command-line switches, use either the '-h', '-?',
'-help' or '--help' switch.
Failed to render file due to error(s)!
francesco@debian:~/tmp$ povray +W320 +H240 +Iexample.pov +Oexample.tga
Illegal instruction
francesco@debian:~/tmp$

What else should I do? There must be errors in the command line. Sorry for
the long message but I am really pressed to solve the problem.

Thanks a lot
francesco

Post a reply to this message