How to make access control of user operations

Henry John

Mar 2, 2015, 9:53:54 PM
to mq...@googlegroups.com
Hi, all
    Is there any way to limit that only the designed 'user' or 'client_id' can publish messages to ALL topics, while others cannot publish messages on ANY topic?
    Yes, what I need is an operation (publish, subscribe, unsubscribe, ...) privilege, not the privilege on a certain 'topic'.

Regards!

Doug Meredith

Mar 3, 2015, 10:17:43 AM
to mq...@googlegroups.com
Take a look in the documentation for ACLs (access control lists). You can control which users can send and receive which topics.

Doug Meredith

Mar 3, 2015, 7:18:16 PM
to mq...@googlegroups.com
Oops, I was thinking I was on the Mosquitto list. lol

What I said applies if you are using Mosquitto as your broker. I don't believe the MQTT standard addresses the issue, so it's going to be broker specific.

Henry John

Mar 6, 2015, 5:14:05 AM
to mq...@googlegroups.com

Yes, I am using mosquitto. I had seen that it has that setting, but it does not meet my need. What I want is an ACL to ALL topics, not some specified single topic or group of topics.
I had made some changes to mosquitto to support that. Thanks all the same.


Regards!


On Wednesday, March 4, 2015 at 8:18:16 AM UTC+8, Doug Meredith wrote:

Doug Meredith

Mar 6, 2015, 11:53:38 AM
to mq...@googlegroups.com
I'm not sure what you mean. Isn't doing an ACL for "#" all topics?

Henry John

Mar 9, 2015, 3:47:38 AM
to mq...@googlegroups.com
I had tried to set an ACL on "#", but it seems it does not work. What is your config fragment for this? Could you please share your config text?

Regards!

On Saturday, March 7, 2015 at 12:53:38 AM UTC+8, Doug Meredith wrote:

Doug Meredith

Mar 9, 2015, 7:42:57 AM
to mq...@googlegroups.com
user test1
topic read  #

Henry John

Mar 11, 2015, 10:48:23 PM
to mq...@googlegroups.com
That config is not accessible by mosquitto.

Error: Invalid bridge configuration.
Error found at ./mosquitto.conf:507.
Error: Unable to open configuration file.

493 # Topic access is added with lines of the format:
494 #
495 # topic [read|write] <topic>
496 # 
497 # The access type is controlled using "read" or "write". This parameter
498 # is optional - if not given then the access is read/write.
499 # <topic> can contain the + or # wildcards as in subscriptions.
500 # 
501 # The first set of topics are applied to anonymous clients, assuming
502 # allow_anonymous is true. User specific topic ACLs are added after a 
503 # user line as follows:
504 #
505 # user <username>
506 user test1
507 topic read #

Regards!

On Monday, March 9, 2015 at 7:42:57 PM UTC+8, Doug Meredith wrote:
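
The following is an added example, not part of any post in this thread. It shows where the "user test1" / "topic ... #" lines discussed above are expected by Mosquitto: in a separate file named by acl_file, not in mosquitto.conf itself. The file paths are assumptions; "test1" is the username used in the thread.

```conf
# ---- mosquitto.conf (main broker configuration) ----
# ACL rules do not go in this file. Here "user" means the account the
# broker runs as, and "topic" is a bridge option that is only valid
# after a "connection" line, which is why line 507 was rejected with
# "Invalid bridge configuration".
allow_anonymous false
# Paths below are assumed for this example.
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl

# ---- /etc/mosquitto/acl (separate file named by acl_file) ----
# Keep comments on their own lines in this file.

# pattern lines apply to every client: all may receive on all topics.
pattern read #

# Only test1 may publish, on any topic.
user test1
topic write #
```

Once acl_file is set, any access that no rule grants is denied, so users other than test1 have no write access to any topic.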

Doug Meredith

Mar 12, 2015, 8:25:54 AM
to mq...@googlegroups.com
You should probably take this to the Mosquitto list.

abhinav sharma

Aug 6, 2015, 6:59:53 AM
to MQTT
I want to create so many users in the password file, and want each user to read or write data to their own topic. But for this I have to create users in password_file, and define these users in the ACL file for the specified topic. For this kind of activity I need an administration task, meaning one person is delicately assigned to this task who adds one user to password_file and adds an entry for that user in acl_file. I want the whole process to be automatic, meaning dynamic user and topic creation and updating the entry in the ACL. I am using mosquitto as broker in C#.

Dominik Obermaier

Aug 6, 2015, 8:00:07 AM
to mq...@googlegroups.com
Hi Abhinav,

This mailing list is about the MQTT protocol and protocol-specific questions, not about the different broker implementations. Best would be to ask this question on the mosquitto mailing list, which you can find here: https://dev.eclipse.org/mailman/listinfo/mosquitto-dev. The mosquitto mailing list is pretty active, so you are more likely to get an answer here.

-Dominik


