Saturday, April 25, 2020

How to remove passwords from PDF files

Recently, a financial institution emailed me a password-protected PDF file. Handling such PDFs was a nuisance. First, I had to call them to obtain the password. Second, because that was a file I'd like to access in the future, I needed to record the password, unless … I could somehow remove the password from the PDF file.

This post outlines several ways to remove a password from a PDF.


pdftk is my go-to tool for manipulating PDFs. To save a password-protected PDF into a new file, without the password, simply execute a command like this:

$ pdftk MyInput.pdf input_pw PASSWORD output MyOutput.pdf
WARNING: The creator of the input PDF:
   has set an owner password (which is not required to handle this PDF).
   You did not supply this password. Please respect any copyright.

You can safely ignore the warning message.

An encrypted PDF file can have up to 2 passwords, the user password and the owner password, with the latter having more privileges. Either password will let you perform the operation, although pdftk prefers the owner password if the PDF has one. If you did not create the original PDF, most likely, the password given to you was the user password. Hence the warning.

Security conscious users would balk at specifying the plain-text password on the command line. Specifying the do_ask parameter allows you to enter the password via standard input.

$ pdftk MyInput.pdf output MyOutput.pdf do_ask


An alternative solution is to use qpdf. For instance,

$ qpdf --decrypt --password=PASSWORD -- MyInput.pdf MyOutput.pdf

Note that the marker -- is used to separate the options from the input and output filenames.

To hide the password from the command line, specify the @- argument, which enables you to enter arguments via standard input. When prompted, enter --password=PASSWORD.

$ qpdf --decrypt @- -- MyInput.pdf MyOutput.pdf

Alternatively, you can specify the password inside a file, for instance, @/home/peter/arguments.txt. Note that the filepath is appended to the single character @. The file contains the line --password=PASSWORD.

$ qpdf --decrypt @/home/peter/arguments.txt -- MyInput.pdf MyOutput.pdf


This solution is more involved than the first 2: first convert the PDF to Postscript, and then back to PDF. I include it here to show an alternative approach, and it is probably not something you will actually do.

  1. To convert it to Postscript:
    $ pdftops -upw PASSWORD MyInput.pdf
    Note that -upw refers to the user password. If you have the owner password instead, replace -upw with -opw.
  2. To save it back to PDF:
    $ ps2pdf MyOutput.pdf

Thursday, April 9, 2020

inxi: the Swiss Army knife for displaying Linux sysinfo

Do one thing and do it well - the Unix philosophy

inxi is the antithesis of the above venerable Unix philosophy. Many excellent tools exist for providing aspects of system and hardware information —lsb_release, uname, lshw, lscpu, lspci, lsusb, dmidecode, uptime, free, ip, parted, acpi, etc. Some of those tools may even report more details than inxi, but there is a definite advantage for using inxi—with just 1 command, you can see at a glance a machine's overall hardware and system configuration and real-time status.

System administrators and technical support engineers work with many machines, often at the same time. inxi enables them to quickly get a broad system configuration overview and assess the current machine status before doing maintenance or troubleshooting.

The tool organizes the machine data into the following categories:
  • System (hostname, kernel, 64-/32-bit, desktop…)
  • Machine (model, serial #, BIOS…)
  • CPU (model, speed…)
  • Graphics
  • Audio devices
  • Network devices
  • Drives
  • Partitions
  • USB devices
  • Sensors (temperatures, fan speed…)
  • Repositories
  • Real-time status (# processes, uptime…)


To install inxi on Debian buster,

# apt update && apt install inxi

Dependency checking

inxi calls numerous helper programs to do the actual work, not all of them may be pre-installed. Run the following inxi command (as non-root user) to test what is potentially missing on your system:

# inxi --recommends
Test: recommended system programs:
ipmitool: -s IPMI sensors (servers)........... Missing
ipmi-sensors: -s IPMI sensors (servers)....... Missing
The following recommended system programs are missing:
Program: ipmitool ~ Install package: ipmitool
Program: ipmi-sensors ~ Install package: freeipmi-tools

Note that the checking does not take into consideration whether your system actually supports the use of the helper programs. For instance, the 2 missing programs above (ipmitool and ipmi-sensors) only apply to servers. In this example, the target machine is not a server and does not support IPMI, so I did not install the recommended programs.

You must judge the merits of installing each helper program reported missing.


Root or non-root

You can run inxi as either root or a regular user. Certain output is restricted to root only, e.g., the motherboard serial number and detailed RAM data.


Although you can run inxi without any argument to get basic CPU and memory information, I'd recommend running it with -F.

-F is for Full, and is a shorthand for specifying all uppercase letter arguments (with some exceptions).

For instance, specifying -F automatically includes -P, but not -p. The uppercase argument -P shows partition information for the basic partitions: /, /boot, /home, etc. The lowercase letter argument -p includes snap partitions created when installing software using snap.

# inxi -Fxxxz

inxi output may contain IP addresses, MAC addresses, serial numbers—data that can uniquely identify the target system. If privacy is an issue, specify the -z flag to filter out private data from the report. Note that the default is to display the aforementioned data.

You can dial up the level of details in inxi output using the -x flag. Optionally specify up to 3 increasing levels of details: -x, -xx, and -xxx.


If you want more details than what the -F option gives you, you can specify additional arguments to focus on specific aspects of your system.

# inxi -Fxmip -t --usb

The following is my favourite subset of the available arguments.


inxi -F only displays data about hard disk drives. To include optical/DVD drives, specify -d.


Default -F output hides the IP addresses for your network interfaces. To display IP, add -i.


The -m argument reports data about individual memory slots.


-F only reports standard partitions (/etc, /home, /opt…) and swap partitions. -p displays all mounted partitions, including partitions created by snap.


This argument reports software package repository information.


By default, -t displays the top 5 memory- and CPU-using processes. You can restrict to CPU or memory only, and adjust the number of processes reported. For instance, to display the top 10 memory-using processes, specify -tm10; top 10 CPU-using processes, -tc10.

Separate -t from other arguments(or add it to the end of an argument chain); otherwise inxi may return a syntax error.

# inxi -Fxmip -tc10


--usb displays USB device information.

Make it pretty

You can choose a color theme for inxi output. The argument is -c followed by a value between 0 and 42 inclusive, corresponding to the color theme.

Using the -c95 argument, you can preview the list of available color themes and then select one for the current inxi command.

# inxi -Fx -c95