I am working with mosquitto 1.3.5 and its pretty exciting.
Now configuring ACL to control access to topics,
I am trying to configure it so that per-user access is denied
unless an entry explicitly appears in the ACL. In other words
a default policy to block access.
I am using explcit logins having set up password file.
mosquitto.conf allow_anonymous is false.
Thus any publisher or subscribe client must have an explicit user/pass authorized.
This works fine, now here is the ACL file:
# there are no anonymous client entries in this ACL
# give username joe RW access to topic xyz
# give username sally RW access to topic abc
for any user other than joe and sally the objective is to deny access.
Yet it appears that other usernames, for example bob,
can access topics xyz and abc, unless there is a record for bob in the ACL.
In other words bob has wildcard access to any topic unless bob is blocked
by adding an ACL entry like this:
# block bob from any access
# or an alternative way to block bob
However, as a project scales up the burden of adding ACL records for each user
could be hard to manage.
Am I missing something here? Is there a way to configure a default ACL policy
to grant or block?