convert /home/bill/TempScan/*.png myfile.pdf
gives error message:
convert-im6.q16: not authorized `myfile.pdf' @ error/constitute.c/WriteImage/1037.
Any help would be appreciated!
convertimagemagickpdfpng
convert /home/bill/TempScan/*.png myfile.pdf
gives error message:
convert-im6.q16: not authorized `myfile.pdf' @ error/constitute.c/WriteImage/1037.
Any help would be appreciated!
Best Answer
convert
is a powerful command line tool to convert graphics. Its support for PDF is provided by Ghostscript. Because of a significant security hole in Ghostscript prior to version 9.24, use ofconvert
on PDF files has been blocked as a stopgap. The issue has been fixed since Ghostscript version 9.24. While Ghostscript versions are updated to secure versions in all supported Ubuntu versions (at this time from Ubuntu 16.04 onwards), the usage restriction may still be in place.The policy file is
/etc/ImageMagick-6/policy.xml
. You may edit that file as root user to change the policies.Eliminating all usage restrictions
For desktop users not running a webserver, simply eliminating these restrictions might be good enough. To that aim, one may delete the file, but it is better practice to "move the file out" by renaming it. With this command, you are renaming the file. As a result, all policies are lifted, but you still can revert if needed:
sudo mv /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xmlout
To revert to the original situation, just rename back to the original name:
sudo mv /etc/ImageMagick-6/policy.xmlout /etc/ImageMagick-6/policy.xml
Be well aware that moving the policy file out decreases system security.
Eliminating only the restriction to combine into PDF
For your specific case, gene_wood in a comment pointed to the posibility to selectively relax the policy for working with PDF files by commenting out one line:
<policy domain="coder" rights="none" pattern="PDF" />
Edit the file, and place comment marks around this line to disable this rule:
<!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
If you do not want to eliminate all security policies, this is the way to go.