Mosquitto Build Android Push Service (iv) Mosquitto Server user login and permissions configuration

article steel to:

1, multi-User configuration of the server

2, according to different users to give different permissions

One, Mosquitto user mechanism

Multiple users can be added in Mosquitto, which allows users to subscribe and publish only by logging on to the server with a user name and password. It can be said that the user mechanism is Mosquitto important security mechanism, enhance the security of the server.

User and permission configuration needs to be modified in 3 places:

1, Mosquitto The most important configuration file mosquitto.conf.

2, Pwfile.example (save user name and password)

3, Aclfile.example (Save permissions configuration)

First to our server add 2 users, a call username password is 1, a call userName2 password is 2

The first step:

Open the Mosquitto.conf file and locate the Allow_anonymous node, which is the function of whether to turn on anonymous user logon, which is true by default.

We need to remove the "#" in front of the allow_anonymous node, and then write false behind it. Anonymous users are not allowed to log on. As follows:

Before modification: #allow_anonymous

Modified: Allow_anonymous False

Step Two:

Locate the Password_file node, the node that tells the server where you want to configure the user to store

Remove the preceding "#" and write the path to the Pwfile.example file in the back, note: is the absolute path. For example:

Before modification: #password_file

Modified: Password_file/etc/mosquitto/pwfile.example (the address is filled in according to the actual location of their files)

Step Three:

Create a user name and password to open a command window. Type: mosquitto_passwd-c/etc/mosquitto/pwfile.example userName

Then type the password 2 times, and the user is created successfully.

-C Create a user

/etc/mosquitto/pwfile.example Create to Pwfile.example file

User name created by UserName

The username user is now created.

Fourth Step:

Create a userName2 user.

In the Command window, type Mosquitto_passwd/etc/mosquitto/pwfile.example userName2

Enter password 2 times, user created successfully

Note: The second input user does not use-C, if the plus-C will overwrite the previously created user.

At this point the user has finished creating.

Open Pwfile.example and look at the results as follows:

Second, Mosquitto authority

Mosquitto permissions are controlled according to TOPCI, similar to directory management. You can set each user's subscription/publishing privileges, or you can set the topic range that each user can access, thus achieving the purpose of permission control.

Here we need to use the 2 users we just created.

The UserName is set to the subscription permission and can only access the "root/123/#" topic.

UserName2 is set to publish permissions and can only access the topic "root/123/#".

It is important to note that if you publish with username it will not be successful, and in turn the subscription with USERNAME2 will not receive any information. Because they have different permissions.

To increase Mosquitto permissions:

Open Aclfile.example and type the following text at the bottom:

User UserName

Topic Read root/123/#

User UserName2

Topic Write root/123#

--------------------------------

Read Subscription permissions

Write Publishing permissions

# wildcard, which indicates all

Save exit.

third, testing

Subscription:

Mosquitto_sub-t root/123/#-U username-p 1

Note that p in:-P is uppercase.

Release:

Mosquitto_pub-t root/123/123-u username2-p 2-m "Hello Word!!!"

You will receive a Hello word message at the end of the subscription. Such as:

Mosquitto build Android Push Service (iv) Mosquitto Server user login and permissions configuration