目录
一、权限插件
# mosquitto.conf
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/security/dynamic-security.json
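# 添加配置文件（该文件保存账号的密码散列与 ACL，应仅对运行 mosquitto 的用户可读写；另需注意：下文的 dynsec init 会自行创建该文件，若这里先用 touch 建出空文件，init 可能因文件已存在而拒绝写入，届时需先删除空文件）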
touch /mosquitto/security/dynamic-security.json
注意:修改配置文件后需要重启服务
二、账号配置
1、初始化管理员账号
# 初始化管理员账号/密码 admin/admin（仅为示例，实际部署请换成强密码；省略末尾的密码参数时会交互式提示输入，密码不会留在 shell 历史中）
mosquitto_ctrl dynsec init /mosquitto/security/dynamic-security.json admin admin
2、基本语法
mosquitto_ctrl <connection options> dynsec <command> ...
# eg: -P password
mosquitto_ctrl -u admin -h localhost dynsec <command> ...
3、默认权限设置
# 设置 DefaultACL 发布为deny
mosquitto_ctrl <options> dynsec setDefaultACLAccess publishClientSend deny
# 设置 DefaultACL 消费为 deny
mosquitto_ctrl <options> dynsec setDefaultACLAccess publishClientReceive deny
# 设置 DefaultACL 订阅为 deny
mosquitto_ctrl <options> dynsec setDefaultACLAccess subscribe deny
# 设置 DefaultACL 取消订阅为 deny
mosquitto_ctrl <options> dynsec setDefaultACLAccess unsubscribe deny
# 获取 DefaultACL
mosquitto_ctrl <options> dynsec getDefaultACLAccess
4、设置客户端
# 创建用户
mosquitto_ctrl <options> dynsec createClient <username> -i <client id>
# 删除用户
mosquitto_ctrl <options> dynsec deleteClient <username>
# 停用用户
mosquitto_ctrl <options> dynsec disableClient <username>
# 启用用户
mosquitto_ctrl <options> dynsec enableClient <username>
# 设置密码（第一种写法不带密码参数，会交互式提示输入；第二种写法的密码会出现在命令行与 shell 历史中）
mosquitto_ctrl <options> dynsec setClientPassword <username>
mosquitto_ctrl <options> dynsec setClientPassword <username> <password>
# 添加/删除角色
mosquitto_ctrl <options> dynsec addClientRole <username> <rolename> <priority>
mosquitto_ctrl <options> dynsec removeClientRole <username> <rolename>
# 获取用户信息
mosquitto_ctrl <options> dynsec getClient <username>
# 获取用户列表
mosquitto_ctrl <options> dynsec listClients
5、设置用户组
# 创建用户组
mosquitto_ctrl <options> dynsec createGroup <groupname>
# 删除用户组
mosquitto_ctrl <options> dynsec deleteGroup <groupname>
# 将用户添加到组
mosquitto_ctrl <options> dynsec addGroupClient <groupname> <username> <priority>
# 将用户移除该组
mosquitto_ctrl <options> dynsec removeGroupClient <groupname> <username>
# 将角色添加到组
mosquitto_ctrl <options> dynsec addGroupRole <groupname> <rolename> <priority>
# 将角色移除该组
mosquitto_ctrl <options> dynsec removeGroupRole <groupname> <rolename>
# 设置匿名组
mosquitto_ctrl <options> dynsec setAnonymousGroup <groupname>
# 获取匿名组
mosquitto_ctrl <options> dynsec getAnonymousGroup
# 获取组信息及组下客户端
mosquitto_ctrl <options> dynsec getGroup <groupname>
6、设置角色
# 创建角色
mosquitto_ctrl <options> dynsec createRole <rolename>
# 删除角色
mosquitto_ctrl <options> dynsec deleteRole <rolename>
# 添加角色对应ACL
mosquitto_ctrl <options> dynsec addRoleACL <rolename> <acltype> <topic filter> allow|deny <priority>
# 移除角色对应ACL
mosquitto_ctrl <options> dynsec removeRoleACL <rolename> <acltype> <topic filter>
# 获取角色信息
mosquitto_ctrl <options> dynsec getRole <rolename>
# 获取角色列表
mosquitto_ctrl <options> dynsec listRoles
7、注意事项
# 设置密码如果带特殊字符需要加引号；含 $ 时必须用【单引号】，因为双引号内 shell 仍会把 $3 当作变量展开，实际写入的密码会与输入不一致
mosquitto_ctrl -u admin -P admin dynsec setClientPassword admin 'Ac#1$3%2Bw2'
8、示例
# 创建用户
mosquitto_ctrl -u admin -P admin dynsec createClient test test
# 创建组
mosquitto_ctrl -u admin -P admin dynsec createGroup testGroup
# 创建角色
mosquitto_ctrl -u admin -P admin dynsec createRole testRole
# 用户添加角色（末尾参数为优先级，应填整数，此处 Z 需替换为实际数值）
mosquitto_ctrl -u admin -P admin dynsec addClientRole test testRole Z
# 用户添加组（参数顺序为 <groupname> <username> <priority>；末尾 Z 需替换为整数优先级）
mosquitto_ctrl -u admin -P admin dynsec addGroupClient testGroup test Z
# 设置匿名组（未携带用户名连接的客户端将获得该组的全部角色权限，应只授予最小权限）
mosquitto_ctrl -u admin -P admin dynsec setAnonymousGroup testGroup
# 设置角色添加发送权限
mosquitto_ctrl -u admin -P admin dynsec addRoleACL testRole publishClientSend test/topic/# allow 5