My Mosquitto MQTT broker has been working fine in production (Ubuntu) for 2 months. I didn’t have any ACL restrictions yet, so I tried to implement some yesterday. After saving the 2 files (more details below) and restarting the broker, it immediately blew up with the following error messages:
× mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2024-09-28 14:31:51 MDT; 29s ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 2804595 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804596 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804597 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804598 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804599 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=3)
Main PID: 2804599 (code=exited, status=3)
CPU: 11ms
Here is the only ACL line in my mosquitto.conf file:
acl_file /etc/mosquitto/ezsalt.acl
And here are the full contents of ezsalt.acl:
user ezsaltsensor
topic tele/+/SENSOR
topic cmnd/EZsalt_+/teleperiod
The user ezsaltsensor is the username by which all our devices interact with the broker. There is also a password. These credentialed interactions have been working great; it’s only when I tried to implement this ACL file that everything broke.
Because I created the ezsalt.acl file with the root user, I (at first) thought that the mosquitto process didn’t have permissions to interact with that file. So I changed ownership of that file to the mosquitto user. Tried again, still fails, same errors.
I ran this:
ls -l ezsalt.acl
…and got this:
-rw-rw-r-- 1 mosquitto mosquitto 69 Sep 28 15:03 ezsalt.acl
What am I doing wrong?
Mosquitto version info:
mosquitto version 2.0.11
mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.
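The following is an added example, not part of the original post: a small linter that checks each `topic` and `pattern` line of a Mosquitto ACL file against the MQTT wildcard rules (`+` and `#` must each occupy an entire topic level, and `#` must be the last level). Run on the ACL contents quoted above, it flags the `EZsalt_+` level on line 3; the function names are this example's own.

```python
# Added example: lint the topic filters in a Mosquitto ACL file against the
# MQTT wildcard rules. Not part of the original post.
ACCESS_WORDS = {"read", "write", "readwrite", "deny"}

def check_filter(topic):
    """Return a list of problems with one MQTT topic filter (empty if valid)."""
    if not topic:
        return ["empty topic filter"]
    problems = []
    levels = topic.split("/")
    for i, level in enumerate(levels):
        if "+" in level and level != "+":
            problems.append(f"'+' must occupy a whole level, found {level!r}")
        if "#" in level:
            if level != "#":
                problems.append(f"'#' must occupy a whole level, found {level!r}")
            elif i != len(levels) - 1:
                problems.append("'#' must be the last level")
    return problems

def lint_acl(text):
    """Return (line_number, topic, problem) for each bad topic/pattern line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword not in ("topic", "pattern"):
            continue  # 'user' lines and anything else are not checked here
        first, _, remainder = rest.strip().partition(" ")
        # The access type is optional; if present it precedes the topic.
        topic = remainder.strip() if first in ACCESS_WORDS and remainder else rest.strip()
        for problem in check_filter(topic):
            findings.append((lineno, topic, problem))
    return findings

# The ACL file contents quoted in the post above.
ACL_FROM_POST = """user ezsaltsensor
topic tele/+/SENSOR
topic cmnd/EZsalt_+/teleperiod
"""

if __name__ == "__main__":
    for lineno, topic, problem in lint_acl(ACL_FROM_POST):
        print(f"line {lineno}: {topic}: {problem}")
```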