vico

Reputation: 18221

Acl file configuration in Mosquitto

I have an ACL file in my Mosquitto:

user b
topic read s1#
topic write s1#

topic write s2
topic read s2


pattern write s3_%c#
pattern read s3_%c#

pattern write s4_%c
pattern read s4_%c


pattern  write s5_%u#
pattern  read s5_%u#

pattern  write s6_%u
pattern  read s6_%u

The request below to topic s4_abc from client id abc works fine:

mosquitto_pub -h servername -t s4_abc -m "test" -p 1883 -u b -P b -i abc -d

The request below to topic s3_abcA from client id abc fails:

mosquitto_pub -h servername -t s3_abcA -m "test" -p 1883 -u b -P b -i abc -d

Why does it fail? I'm expecting that the pattern s3_%c# means any phrase in the topic after "s3_abc" is OK.

Upvotes: 1

Views: 2920

Answers (1)

hardillb

Reputation: 59791

Your topics & patterns in the ACL file are not valid; they need to have a / between the wildcard characters.

Wildcards only match whole topic segments.

The same is also true for the %u and %c.

From the mosquitto.conf man page:

The patterns available for substitution are:

%c to match the client id of the client
%u to match the username of the client

The substitution pattern must be the only text for that level of hierarchy. Pattern ACLs apply to all users even if the "user" keyword has previously been given.

Example:

pattern write sensor/%u/data

Allow access for bridge connection messages:

pattern write $SYS/broker/connection/%c/state

Upvotes: 1
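
An added example, not part of the answer above and not Mosquitto's own code: a small linter that flags ACL entries breaking the whole-level rule quoted from the man page, plus a model of whole-level substitution and MQTT filter matching. The function names are hypothetical, QUESTION_ACL is abridged from the question, FIXED_ACL is constructed here, and the special handling of $-prefixed topics is not modelled.

```python
ACCESS = ("read", "write", "readwrite", "deny")
# Abridged from the ACL file in the question.
QUESTION_ACL = "user b\ntopic read s1#\ntopic write s2\npattern write s3_%c#\npattern write s4_%c\n"
# Constructed here: the same intent with "/" separating the levels.
FIXED_ACL = "pattern readwrite s3/%c/#\npattern readwrite s4/%c\n"

def check_filter(topic, is_pattern):
    """Return reasons why an ACL topic breaks the whole-level rule (empty list = OK)."""
    reasons = []
    levels = topic.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            reasons.append(f"'#' must be the entire last level, got {level!r}")
        if "+" in level and level != "+":
            reasons.append(f"'+' must be an entire level, got {level!r}")
        if is_pattern and ("%c" in level or "%u" in level) and level not in ("%c", "%u"):
            reasons.append(f"%c/%u must be the only text in a level, got {level!r}")
    return reasons

def lint_acl(text):
    """Map line number -> reasons for every offending topic/pattern line."""
    findings = {}
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if len(parts) < 2 or parts[0] not in ("topic", "pattern"):
            continue  # "user" lines, comments and blanks are not checked
        topic = " ".join(parts[2:] if parts[1] in ACCESS else parts[1:])
        reasons = check_filter(topic, parts[0] == "pattern")
        if reasons:
            findings[n] = reasons
    return findings

def expand(pattern, client_id, username):
    """Substitute %c / %u only where they are a whole level (the documented rule)."""
    sub = {"%c": client_id, "%u": username}
    return "/".join(sub.get(level, level) for level in pattern.split("/"))

def matches(filt, topic):
    """MQTT filter match: '+' is exactly one level, a trailing '#' is zero or more levels."""
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)
```

Running `lint_acl` over an ACL file before reloading the broker surfaces entries such as `s3_%c#` that would otherwise silently fail to grant the intended access.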
