Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[mosquitto-dev] ACL default policy deny/grant access


I am working with mosquitto 1.3.5 and its pretty exciting.
Now configuring ACL to control access to topics,
I am trying to  configure it so that per-user access is denied 
unless an entry explicitly appears in the ACL.  In other words
a default policy to block access.

I am using explcit logins having set up password file.
mosquitto.conf  allow_anonymous is false.
Thus any publisher or subscribe client must have an explicit user/pass authorized.

This works fine, now here is the ACL file:

# there are no anonymous client entries in this ACL

# give username joe RW access to topic xyz
topic xyz

# give username sally RW access to topic abc
topic abc

for any user other than joe and sally the objective is to deny access.
Yet it appears that other usernames, for example bob, 
can access topics xyz and abc, unless there is a record for bob in the ACL.
In other words bob has wildcard access to any topic unless bob is blocked
by adding an ACL entry like this:

# block bob from any access

# or an alternative way to block bob

However, as a project scales up the burden of adding ACL records for each user
could be hard to manage.

Am I missing something here?   Is there a way to configure a default ACL policy 
to grant or block?


Back to the top