Reputation: 183
I have RabbitMQ server 3.8 running, which includes topic permissions for MQTT clients. My question is: what is the best "Configure regexp" permission to stop an MQTT authenticated user from creating as many queues as they like? The RabbitMQ user permissions mention having ".*" for Configure/write/read, but doesn't this permit the same credentials to be used on an AMQP connection, and then that user can configure anything on the exchange?
I have tried restricting "Configure regexp" to ^mqtt-subscription.* which is partway there, but that doesn't stop a user from creating unlimited mqtt-subscription-nnnnnnn queues if they wanted to. I'd like them to not be able to create any queues and just be permitted to publish and subscribe on ^({username}..*)$ as per my settings for topic permissions.
Upvotes: 1
Views: 3349
Reputation: 183
I think I have the answer for those that may find it helpful. I set the Configure regexp for the user to ^([amq.topic].*)$ and Write/Read to .* This, combined with a topic permission of write/read ^({username}..*)$, appears to be doing the job.
Upvotes: 2
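A way to check what each pattern in this thread actually matches before applying it, as an added example that is not code from either post. It assumes the broker runs an unanchored regex search against the resource name, treats an empty pattern as matching nothing, and substitutes {username} literally; Python's re stands in for the broker's regex engine, the resource names and routing keys are constructed, and the "literal" and "escaped" patterns are added variants for comparison.

```python
import re

def permitted(pattern: str, name: str, username: str = "") -> bool:
    # Assumed model of the broker's check: literal {username} substitution,
    # then an unanchored search; an empty pattern only matches an empty name.
    pattern = pattern.replace("{username}", username)
    return re.search(pattern or "^$", name) is not None

# Configure patterns: two from the thread, one added variant for comparison.
CONFIGURE = {
    "question": r"^mqtt-subscription.*",
    "answer": r"^([amq.topic].*)$",   # [...] is a character class, not a literal
    "literal": r"^amq\.topic$",       # added variant: the exchange name only
}
# Constructed resource names (exchange, MQTT subscription queue, two AMQP queues).
RESOURCES = ["amq.topic", "mqtt-subscription-sensor1qos1", "orders", "events"]

# Topic patterns: the one from the thread and an added variant with the dot escaped.
TOPIC = {
    "thread": r"^({username}..*)$",
    "escaped": r"^({username}\..*)$",
}
# Constructed routing keys (MQTT topic "alice/temp" arrives as "alice.temp").
KEYS = ["alice.temp", "alice2.temp", "bob.temp"]

def configure_matrix() -> dict:
    """Resource names each configure pattern would allow."""
    return {label: [r for r in RESOURCES if permitted(p, r)]
            for label, p in CONFIGURE.items()}

def topic_matrix(username: str = "alice") -> dict:
    """Routing keys each topic pattern would allow for the given user."""
    return {label: [k for k in KEYS if permitted(p, k, username)]
            for label, p in TOPIC.items()}

if __name__ == "__main__":
    for label, names in configure_matrix().items():
        print(f"configure/{label:8} -> {names}")
    for label, keys in topic_matrix().items():
        print(f"topic/{label:12} -> {keys}")
```

Under these assumptions, the bracketed configure pattern matches any name beginning with one of the characters a, m, q, ., t, o, p, i or c, which still covers mqtt-subscription-* queue names, and the unescaped dot in the topic pattern lets user alice match keys under alice2.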