6

I tried to apply an access list to a user, but Mosquitto always takes the highest access level and applies it.

I tried to apply this:

user roger
topic readwrite device/1/#
topic read device/1/name/

I also tried:

user roger
topic read device/1/name/
topic readwrite device/1/#

In both cases it allows read/write to the topic:

device/1/name/

Am I missing something?

Anas Naguib
    The man page that covers the ACL format doesn't make any comment on the behaviour of overlapping topic patterns, so this may just be undefined behaviour – hardillb Jun 04 '18 at 14:40

1 Answer

1

device/1/name/ is part of "topic readwrite device/1/#". You can't enable access to all subtopics and then disable one subtopic afterwards; "topic read device/1/name/" is not possible.

You can try allowing readwrite access to one-level subtopics:

"topic readwrite device/1/+" "topic read device/1/name/subtopic".

You can write and read

  • "device/1/subtopic"
  • "device/1/anothertopic"
  • "device/1/name"

But you can only read

  • "device/1/name/subtopic"
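
The behaviour discussed in this question and answer, as an added example that is not part of the original posts and is not Mosquitto's own code: a small model that evaluates an ACL file additively, so a grant from any matching pattern is enough. The additive rule is an assumption taken from the behaviour reported in the question; the function names are hypothetical, and usernames or topics containing spaces are not handled.

```python
# Simplified model of additive ACL checks (assumption: any matching grant wins).
ACCESS = {"read": {"read"}, "write": {"write"}, "readwrite": {"read", "write"}}

def topic_matches(pattern, topic):
    """MQTT filter match: '+' is one level, '#' is the parent and all below."""
    p_levels, t_levels = pattern.split("/"), topic.split("/")
    for i, p in enumerate(p_levels):
        if p == "#":
            return True
        if i >= len(t_levels) or (p != "+" and p != t_levels[i]):
            return False
    return len(p_levels) == len(t_levels)

def parse_acl(text):
    """Return {user: [(pattern, granted_set), ...]} from user/topic lines."""
    rules, user = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "user" and len(parts) > 1:
            user = parts[1]
        elif parts[0] == "topic" and len(parts) > 1:
            # The access keyword is optional; a bare pattern means readwrite.
            keyword = parts[1] if len(parts) > 2 and parts[1] in ACCESS else "readwrite"
            rules.setdefault(user, []).append((parts[-1], ACCESS[keyword]))
    return rules

def effective_access(rules, user, topic):
    """Union of the access granted by every pattern that matches the topic."""
    granted = set()
    for pattern, access in rules.get(user, []):
        if topic_matches(pattern, topic):
            granted |= access
    return granted

# Constructed inputs: the question's ACL and the answer's suggested ACL.
QUESTION_ACL = "user roger\ntopic readwrite device/1/#\ntopic read device/1/name/\n"
ANSWER_ACL = "user roger\ntopic readwrite device/1/+\ntopic read device/1/name/subtopic\n"

if __name__ == "__main__":
    for name, acl in (("question", QUESTION_ACL), ("answer", ANSWER_ACL)):
        rules = parse_acl(acl)
        for t in ("device/1/name", "device/1/name/", "device/1/name/subtopic"):
            print(name, t, sorted(effective_access(rules, "roger", t)))
```

In this model the order of the two lines in the question's ACL makes no difference, and under the answer's rules the topic device/1/name/ (the trailing slash adds an empty fourth level) matches neither pattern, so it gets no access at all.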