I use ImageMagick on ubuntu-16.04 for converting pdf file into png image.
Recently, converting stop woking, because package imagemagick-common added <policy domain="coder" rights="none" pattern="PDF" /> to policy.xml file in /etc/ImageMagick-6/policy.xml
I don't want to change /etc/ImageMagick-6/policy.xml to enable PDF, because this file belongs to package and another update could rewrite this file again
$dpkg -S /etc/ImageMagick-6/policy.xml
imagemagick-common: /etc/ImageMagick-6/policy.xml
I create configuration file in home directory
$ cat ~/.config/ImageMagick/policy.xml
<policymap>
<policy domain="coder" rights="read|write" pattern="PDF" />
</policymap>
Seems, like this file was found and loaded:
$ identify -list policy
Path: /etc/ImageMagick-6/policy.xml
...
Policy: Coder
rights: None
pattern: PDF
...
Path: /home/vasiliy/.config/ImageMagick/policy.xml
Policy: Coder
rights: Read Write
pattern: PDF
But it doesn't help.
not authorized exception is raised.
How to force ImageMagic to prefer ~/.config/ImageMagick/policy.xml settings vs /etc/ImageMagick-6/policy.xml setting? Or can I use some other solution to allow PDF read|write ?
I've the same issue like you. By a security update ImageMagick now disallows PDF processing by default. The underlying vulnerability in ghostscript (https://www.kb.cert.org/vuls/id/332928) is already fixed but the default config is not yet changed back.
I did some experiments with ~/.config/ImageMagick/policy.xml and found out that this config is actually used and working. BUT you can't allow things that are disabled globally. You can only add further restrictions to your users processes.
So my suggestions:
/etc/ImageMagick-6/policy.xmlUPDATE:
When using #1 you should make sure to not break your automatic updates. Maybe this will help you finding a solution: https://unix.stackexchange.com/questions/138751/unattended-upgrades-and-modified-configuration-files