My simple ACL breaks my Mosquitto broker

My Mosquitto MQTT broker has been working fine in production (Ubuntu) for 2 months. I didn’t have any ACL restrictions yet, so I tried to implement some yesterday. After saving the 2 files (more details below) and restarting the broker, it immediately blew up with the following error messages:

× mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2024-09-28 14:31:51 MDT; 29s ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 2804595 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804596 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804597 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804598 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 2804599 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=3)
Main PID: 2804599 (code=exited, status=3)
CPU: 11ms

Here is the only ACL line in my mosquitto.conf file:

acl_file /etc/mosquitto/ezsalt.acl

And here are the full contents of ezsalt.acl:

user ezsaltsensor
topic tele/+/SENSOR
topic cmnd/EZsalt_+/teleperiod

The user ezsaltsensor is the username by which all our devices interact with the broker. There is also a password. These credentialed interactions have been working great; it’s only when I tried to implement this ACL file that everything broke.

Because I created the ezsalt.acl file with the root user, I (at first) thought that the mosquitto process didn’t have permissions to interact with that file. So I changed ownership of that file to the mosquitto user. Tried again, still fails, same errors.

I ran this:

ls -l ezsalt.acl

…and got this:

-rw-rw-r-- 1 mosquitto mosquitto 69 Sep 28 15:03 ezsalt.acl

What am I doing wrong?

Mosquitto version info:

mosquitto version 2.0.11
mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.

Your topic cmnd/EZsale_+/teleperiod is not a valid topic filter.

Simply speaking, a + sign cannot be used together with other characters on a level.

https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.pdf ,
section 4.7.1.3 Single-level wildcard

ckrey - How should that line be modified so it’s valid?

It depends on what you are trying to achieve, I don’t know the topics/messages of EZsalt…

Maybe
topic cmnd/+/teleperiod ?