How can I use docker without sudo?

Question

bill-lancaster

Asked: 2018-10-09 00:30:52 +0800 CST2018-10-09 00:30:52 +0800 CST 2018-10-09 00:30:52 +0800 CST

Trouble with batch conversion of .png to .pdf using convert

772

convert /home/bill/TempScan/*.png  myfile.pdf

gives error message:

convert-im6.q16: not authorized `myfile.pdf' @ error/constitute.c/WriteImage/1037.

Any help would be appreciated!

5 Answers

Voted

vanadium · Answer 1 · 2018-10-09T01:00:19+08:00

convert is a powerful command line tool to convert graphics. Its support for PDF is provided by Ghostscript. Because of a significant security hole in Ghostscript prior to version 9.24, use of convert on PDF files has been blocked as a stopgap. The issue has been fixed since Ghostscript version 9.24. While Ghostscript versions are updated to secure versions in all supported Ubuntu versions (at this time from Ubuntu 16.04 onwards), the usage restriction may still be in place.

The policy file is /etc/ImageMagick-6/policy.xml. You may edit that file as root user to change the policies.

Eliminating all usage restrictions

For desktop users not running a webserver, simply eliminating these restrictions might be good enough. To that aim, one may delete the file, but it is better practice to "move the file out" by renaming it. With this command, you are renaming the file. As a result, all policies are lifted, but you still can revert if needed:

sudo mv /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xmlout

To revert to the original situation, just rename back to the original name:

sudo mv /etc/ImageMagick-6/policy.xmlout /etc/ImageMagick-6/policy.xml

Be well aware that moving the policy file out decreases system security.

Eliminating only the restriction to combine into PDF

For your specific case, gene_wood in a comment pointed to the posibility to selectively relax the policy for working with PDF files by commenting out one line:

<policy domain="coder" rights="none" pattern="PDF" />

Edit the file, and place comment marks around this line to disable this rule:

If you do not want to eliminate all security policies, this is the way to go.

abu_bua · Answer 2 · 2018-10-20T11:01:26+08:00

abu_bua

2018-10-20T11:01:26+08:002018-10-20T11:01:26+08:00

As vanadium posted, you have to change the ImageMagick policy.

sudo vim /etc/ImageMagick-6/policy.xml

and replace the line

<policy domain="coder" rights="none" pattern="PDF" />

with

<policy domain="coder" rights="read|write" pattern="PDF" />

If you only want to allow write, and not read, you can also erase the read| part in the line above.

BTW, for those who are interested about the ImageMagick vulnerability, here are 2 informational links:

100

ssokolow · Answer 3 · 2020-02-16T05:37:09+08:00

Rather than re-loosening ImageMagick's security restrictions, I'd just use img2pdf.

It's specifically designed for this kind of use-case.

You should use img2pdf if your priorities are (in this order):

always lossless: the image embedded in the PDF will always have the exact same color information for every pixel as the input

small: if possible, the difference in filesize between the input image and the output PDF will only be the overhead of the PDF container itself

fast: if possible, the input image is just pasted into the PDF document as-is without any CPU hungry re-encoding of the pixel data

Conventional conversion software (like ImageMagick) would either:

not be lossless because lossy re-encoding to JPEG

not be small because using wasteful flate encoding of raw pixel data

not be fast because input data gets re-encoded

Another advantage of not having to re-encode the input (in most common situations) is, that img2pdf is able to handle much larger input than other software, because the raw pixel data never has to be loaded into memory.

This should be the equivalent command:

img2pdf --out myfile.pdf /home/bill/TempScan/*.png

If, for some reason, you can't do that (eg. can't install new packages), another potential avenue for lossless conversion would be to convert your images into a multi-page TIFF file and then use tiff2pdf from the libtiff tools.

Antonin GAVREL · Answer 4 · 2019-11-03T04:59:33+08:00

Antonin GAVREL

2019-11-03T04:59:33+08:002019-11-03T04:59:33+08:00

Solution of abu_bua's solution really worked well for me. For convenience here in one command line with sed:

sudo sed -i 's/rights="none" pattern="PDF"/rights="read|write" pattern="PDF"/g' /etc/ImageMagick-6/policy.xml

8

Darren Hicks · Answer 5 · 2020-07-23T12:56:55+08:00

Darren Hicks

2020-07-23T12:56:55+08:002020-07-23T12:56:55+08:00

Here's an even more convenient way that automatically gets the location(s) of the policy.xml file(s) and performs the search/replace on them all:

for file in `convert -list policy | grep "Path:" | grep -v built | sed 's/Path: \(.*\)/\1/g'`; do sed -i 's/domain="coder" rights="none" pattern="PDF"/domain="coder" rights="read|write" pattern="PDF"/g' $file; done

3

Trouble with batch conversion of .png to .pdf using convert

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?