eclipse-mosquitto / mosquitto

Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

How to deny writing on specific topic for anonymous users with ACL? #2724

Open ahorn42 opened 1 year ago

ahorn42 commented 1 year ago

Hi,

I want to limit the write access to a specific topic for the anonymous users and allow it only for a known user. Also the anonymous users should be allowed to read and write all other topics.

Can this be achieved with ACLs?

I tried the following without success:

```
# for anonymous users
topic readwrite #
topic read mySensitiveDevice/#

# for user myUserForSensitiveDevices
user myUserForSensitiveDevices
topic readwrite mySensitiveDevice/#
```

With the config from above the anonymous user can still write on mySensitiveDevice/myData.

I am using mosquitto 2.0.14.

Additionally, I would like to add that the documentation at https://mosquitto.org/man/mosquitto-conf-5.html#idm44 could be improved: it does not explain how different ACLs might overwrite each other (besides that deny overrules the others).

Thanks in advance and best regards!
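An added example, not part of the thread and not Mosquitto's own code: a small Python model of how the ACL posted above would be evaluated. It assumes that rules before the first `user` line apply to anonymous clients, that grants are additive (any matching rule that grants the access is enough), and that a matching `deny` overrules grants; under those assumptions the anonymous write is let through by `topic readwrite #`, which matches the reported behaviour.

```python
# Simplified model of ACL evaluation (assumed semantics, not Mosquitto source).
POSTED_ACL = """\
# for anonymous users
topic readwrite #
topic read mySensitiveDevice/#
# for user myUserForSensitiveDevices
user myUserForSensitiveDevices
topic readwrite mySensitiveDevice/#
"""
ACCESS = ("read", "write", "readwrite", "deny")

def parse_acl(text):
    """Return {username (None = anonymous): [(access, filter), ...]}."""
    rules, user = {None: []}, None
    for line in text.splitlines():
        keyword, _, rest = line.strip().partition(" ")
        if keyword == "user":
            user = rest.strip()
            rules.setdefault(user, [])
        elif keyword == "topic":
            first, _, tail = rest.strip().partition(" ")
            # An omitted access word means readwrite.
            rule = (first, tail.strip()) if first in ACCESS and tail else ("readwrite", rest.strip())
            rules[user].append(rule)
    return rules

def matches(flt, topic):
    """MQTT filter match: '+' is one level, a trailing '#' is the rest."""
    f, t = flt.split("/"), topic.split("/")
    if topic.startswith("$") and f[0] in ("#", "+"):
        return False  # leading wildcards never match $-topics
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def granting(rules, user, action, topic):
    """Filters that let `action` ('read' or 'write') through; [] means denied."""
    hits = [(a, f) for a, f in rules.get(user, []) if matches(f, topic)]
    if any(a == "deny" for a, _ in hits):
        return []  # a matching deny overrules every grant
    return [f for a, f in hits if a in (action, "readwrite")]

if __name__ == "__main__":
    acl = parse_acl(POSTED_ACL)
    print(granting(acl, None, "write", "mySensitiveDevice/myData"))
```

In this model, removing the `topic readwrite #` line from the sample makes the same call return an empty list, because the remaining anonymous rule grants read only.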

DerHerrW commented 6 months ago

I have tried the same, without success so far.