Dynamic Security Plugin | Users and role not add

[kareemkhalil]

i can't add any users or roles in dynamic-security.json file

when i enter command mosquitto_ctrl -u myadmin dynsec createClient testUser it doesn't give my anything except to enter password but when i open the dynamic-security.json i can only find the admin user only

even if i typed a wrong admin password it do the same !!!!

that is my config file, i am using custom config for ports

i was using normal password /mosquitto/passwd and now cmmented this in my custom config

dynamic-security.json file:

[tonkolviktor]

i have the same issue and since this and the #2541 is open for quite a long time I'm wondering if there is a potential workaround that I/we might not be aware of?

Should we downgrade or something like that?

Otherwise I do not understand how the core auth module could be broken for months.........#2764

[truongdnascript]

Any update on it?

[tonkolviktor]

I've gave up on mosquitto, started using this: https://github.com/hivemq/hivemq-community-edition

[tka85]

Same issue. Same solution. Moving to other brokers (emqx and hivemq my candidates for now).

It seems as if Cedalo is only using the OS project as a PR stunt. They are not really contributing back or maintaining it at all. Only interested in their proprietary mosquitto.

[Oppfinnaren]

I had the same error running the mosquitto docker image in Linux. The first mistake was that i hadn't initiated the plugin correctly in mosquitto.conf. This gave a silent error where trying to run any of the commands resulted in a 10 seconds delay followed by the command exiting. I added the following lines in mosquitto.conf and restarted the service to resolve this problem:

per_listener_settings false plugin path/to/mosquitto_dynamic_security.so plugin_opt_config_file path/to/dynamic-security.json

The second problem i had was that mosquitto couldn't access dynamic-security.json, resulting in the user being created but not persisted in mosquitto-config.json. The following error was visible in the log for this problem:

2024-02-20 16:57:40 1708444660: Error saving Dynamic security plugin config: File is not writable - check permissions.

I solved this problem by putting the file in a folder mosquitto could access and by changing so that the user mosquitto was running as the owner of the file.

[vukeurodyn]

I had the same error running the mosquitto docker image in Linux. The first mistake was that i hadn't initiated the plugin correctly in mosquitto.conf. This gave a silent error where trying to run any of the commands resulted in a 10 seconds delay followed by the command exiting. I added the following lines in mosquitto.conf and restarted the service to resolve this problem:

per_listener_settings false plugin path/to/mosquitto_dynamic_security.so plugin_opt_config_file path/to/dynamic-security.json

The second problem i had was that mosquitto couldn't access dynamic-security.json, resulting in the user being created but not persisted in mosquitto-config.json. The following error was visible in the log for this problem:

2024-02-20 16:57:40 1708444660: Error saving Dynamic security plugin config: File is not writable - check permissions.

I solved this problem by putting the file in a folder mosquitto could access and by changing so that the user mosquitto was running as the owner of the file.

Could you help me step by step how you resolved it? This is my mosquitto.conf file, i've added permisions to w/r and have given mosquitto usage rights:

persistence true persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d listener 1883 allow_anonymous false per_listener_settings false

plugin /usr/lib/x86_64-linux-gnu/mosquitto_dynamic_security.so plugin_opt_config_file /etc/mosquitto/dynamic-security.json

I also changed permissions on dynamic-security.json once i created. Still doesn't work :/

[cyub]

I also encountered the same problem. I ran mosquitto broker as the nobody user. Because there is no mosquitto user in my Linux system, the mosquitto broker automatically downgraded to run as the nobody user.

I took the following measures and it worked fine：

1. Please ensure that the mosquitto broker is running as the mosquitto user, or as the root user (not recommended).
2. Please ensure that dynamic-security.json is readable and writable by mosquitto broker.