ACL works on test broker but not PROD

I have been running a Mosquitto MQTT broker in production on Ubuntu for about 7 months. It works great, but is not very secure, beyond password-protection of the broker. I tried enabling the following ACL file today, restarted mosquitto, and suddenly none of my devices could connect:

# Users
user user1
topic write tele/*
topic write stat/*
topic read cmnd/*

user user2
topic readwrite #
topic read $SYS/#

user user3
topic read #

(I changed the names of the users for this post.)

All my devices run a very recent version of Tasmota firmware. When I tried this ACL file on my test broker (same server, different port), everything worked fine.

The Tasmota devices send their data via user1. My backend scripts that command the devices to send data use user2.

It wouldn’t be too difficult for someone in possession of a sensor to scan the firmware and grab the password. My objective with the ACL file is for the user used by the devices to only be able to send tele and stat data to the broker, and only read commands. User2 (which the devices know nothing of) should be able to send commands to the devices via the broker–that is an admin user and is powerful. Nobody knows that password but me.

I have these commented-out lines in my ACL file:

# pattern read cmnd/MyCo2/#
# pattern read cmnd/MyCo3/#
# pattern read cmnd/%c/#
# pattern write stat/%c/#
# pattern write tele/%c/#

We have a custom/modded build of Tasmota that should enable those patterns to work, but since not all our sensors are on the latest firmware yet, I have commented all those out. Will any of those work with vanilla Tasmota? Are some of them required? Is this why I lost contact with my devices after enabling my ACL file?

Is there something wrong with my ACL file? What am I doing wrong?

(Our Tasmota developer is difficult to get a hold of, and may be unreachable at some point. So I really need to learn and understand broker security for myself.)

I found the solution: I just had to use # instead of * for wildcard structure. It works.

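Added example (mine, not code from the post, Mosquitto or Tasmota): a small Python model of Mosquitto-style ACL evaluation that shows why `topic write tele/*` locks the devices out while `tele/#` works, and what the commented-out `%c` pattern lines would do. It assumes a constructed client id `tasmota_ABC123` and, for the pattern lines, that each device's MQTT client id is also its topic prefix.

```python
def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT 3.1.1 filter matching as used by Mosquitto's ACL check: '+' is one level, '#'
    is everything below (last level only), anything else, including '*', is literal."""
    if topic.startswith("$") and filter_[:1] in ("+", "#"):
        return False  # a leading wildcard never matches $-topics such as $SYS/...
    f_levels, t_levels = filter_.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def parse_acl(text: str):
    """Parse the acl_file subset used in the post: 'user', 'topic [access] filter',
    'pattern [access] filter'. Access defaults to readwrite; only whole-line comments
    are skipped, since a bare '#' inside a topic line is a wildcard, not a comment."""
    users, patterns, current = {}, [], None
    for parts in (line.split() for line in text.splitlines()):
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "user":
            current = parts[1]
        elif parts[0] in ("topic", "pattern"):
            access, filt = (parts[1], parts[2]) if len(parts) == 3 else ("readwrite", parts[1])
            (patterns if parts[0] == "pattern" else users.setdefault(current, [])).append((access, filt))
    return users, patterns

def allowed(acl, username: str, client_id: str, topic: str, want: str) -> bool:
    """want is 'read' (subscribe/receive) or 'write' (publish). Rules before any 'user'
    line (key None) apply to everyone; %u/%c in pattern lines are substituted."""
    users, patterns = acl
    rules = users.get(None, []) + users.get(username, [])
    rules += [(a, f.replace("%u", username).replace("%c", client_id)) for a, f in patterns]
    return any(want in a and topic_matches(f, topic) for a, f in rules)

# user1's block from the post; the same block with '*' -> '#'; and the post's commented-out
# per-device pattern idea (assumes the device's client id is its topic prefix).
BROKEN_ACL = "user user1\ntopic write tele/*\ntopic write stat/*\ntopic read cmnd/*\n"
FIXED_ACL = BROKEN_ACL.replace("*", "#")
PATTERN_ACL = "user user1\npattern write tele/%c/#\npattern read cmnd/%c/#\n"

def check_tasmota_flow(acl_text: str, cid: str = "tasmota_ABC123") -> dict:
    """Constructed Tasmota topics for one device; cid is an assumed client id."""
    acl = parse_acl(acl_text)
    return {"publish_tele": allowed(acl, "user1", cid, f"tele/{cid}/SENSOR", "write"),
            "subscribe_cmnd": allowed(acl, "user1", cid, f"cmnd/{cid}/POWER", "read"),
            "publish_cmnd": allowed(acl, "user1", cid, f"cmnd/{cid}/POWER", "write"),
            "publish_other_tele": allowed(acl, "user1", cid, "tele/tasmota_OTHER/SENSOR", "write")}
```

With the broken file every check is False, which is exactly the "nothing can connect" symptom once Tasmota's first publish or subscribe is refused; the `#` version grants tele/stat writes and cmnd reads (and still denies writing to cmnd), and the `%c` patterns additionally stop a device from publishing under another device's prefix.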