How can I restrict publishing to only selected users on a Mosquitto MQTT broker?
I want some users to be able to subscribe, some other users to be able to publish and I need these two groups of users separated.
I know there is an authorization control that allows access with username:password. But it is not clear to me how to assign roles to users.
If there are no such role assignments, is setting different ports for publishers and subscribers possible?
The man page for the mosquitto config file covers all this.
The acl_file
option specifies the file that holds the ACL list. The file contains groups of entries that control access to either a topic or pattern to match against a topic. e.g.
user user1
topic read foo/bar
user user2
topic readwrite foo/bar
This allows user1
to read from topic foo/bar
and allows user2
to both read and write to the topic.
The password_file
option can be used to specify the file to find username/password mappings. This file is edited with the mosquitto_passwd
command, here is it's man page.
Both these options can be replaced by a plugin that provides an API to authenticate and authorize users. At the moment there is only one publicly available plugin that supports multiple different database backends to store user/acl data. You can find it here
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With