Re: Dynamic Security Plugin - persisting in-memory to config file [message #1865439 is a reply to message #1840993]
Fri, 03 May 2024 12:14
Arun J Messages: 6 Registered: April 2021
Junior Member
It gives an error while saving the Dynamic security plugin config, saying "File is not writable - check permissions." I have given mosquitto as owner and tried 0700, 0744, 0766, 0777 - everything on the dynamic security json file. Still it is not working. I am using version 2.0.18.
A similar configuration works well in 2.0.10. Detailed log below from when I try "mosquitto_ctrl dynsec setDefaultACLAccess publishClientSend deny".
I have virtually run out of all possible options. Now I am thinking of using an older mosquitto version to try this. Any pointers would be great - TIA.
Quote:
2024-05-03T16:42:53: mosquitto version 2.0.18 starting
2024-05-03T16:42:53: Config loaded from /etc/mosquitto/mosquitto.conf.
2024-05-03T16:42:53: Loading plugin: /usr/lib/x86_64-linux-gnu/mosquitto_dynamic_security.so
2024-05-03T16:42:53: Opening ipv4 listen socket on port 7883.
2024-05-03T16:42:53: mosquitto version 2.0.18 running
2024-05-03T16:42:59: New connection from 10.x.x.236:42992 on port 7883.
2024-05-03T16:42:59: New client connected from 10.x.x.236:42992 as auto-ED29EA8A-20AC-1B32-7AF8-A2F135EFC919 (p5, c1, k60, u'admin').
2024-05-03T16:42:59: dynsec: auto-ED29EA8A-20AC-1B32-7AF8-A2F135EFC919/admin | setDefaultACLAccess | acltype=publishClientSend | allow=false
2024-05-03T16:42:59: Error saving Dynamic security plugin config: File is not writable - check permissions.
2024-05-03T16:42:59: Client auto-ED29EA8A-20AC-1B32-7AF8-A2F135EFC919 closed its connection.
[Updated on: Fri, 03 May 2024 12:15]
Re: Dynamic Security Plugin - persisting in-memory to config file [message #1865481 is a reply to message #1865442]
Sat, 04 May 2024 06:46
Arun J Messages: 6 Registered: April 2021
Junior Member
I looked at the source file under /plugins/dynamic-security/plugin.c to debug. I noticed the code below. I added a copy, dynamic-security.json.new, and also dynamic-security.json, and with 755 permission on the /etc/mosquitto folder the server starts without complaining and is able to write the security config to dynamic-security.json. It modifies the permission of this file to 0600 and deletes the .new file. Very weird that this behavior is undocumented.
So /etc/mosquitto is to have 0755,
and a duplicate dynamic-security.json.new file with 0600 is to be added before adding any new configuration.
Quote:
/* The config is written to "<config_file>.new", not to config_file itself */
snprintf(file_path, file_path_len, "%s.new", config_file);
mosquitto_log_printf(MOSQ_LOG_ERR,"file_path %s file_path_len %d config_file %s \n", file_path,file_path_len,config_file);
fptr = mosquitto__fopen(file_path, "wt", true);
if(fptr == NULL){
	/* Opening the .new file failed: this branch logs the error seen in the broker log */
	mosquitto_free(json_str);
	mosquitto_free(file_path);
	mosquitto_log_printf(MOSQ_LOG_ERR, "Error saving Dynamic security plugin config: File is not writable - check permissions.\n");
	return;
}
Can someone confirm this behavior is expected?
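
Added example, not part of the original post or of the mosquitto source: the quoted snippet opens `<config_file>.new` rather than the JSON file, so what decides that open is the mode of the containing directory and of any `.new` file already there. The sketch below models the classic POSIX owner/group/other check for it. The function names, the 1000:1000 broker account, the root-owned directory and the assumption that `mosquitto__fopen` behaves like `fopen(..., "wt")` for this purpose are all assumptions of the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Classic owner/group/other mode check. Simplified: primary group only,
 * no ACLs or supplementary groups (assumption of this example). */
static bool has_perm(const struct stat *st, uid_t uid, gid_t gid, mode_t want)
{
    mode_t bits;
    if (st->st_uid == uid)      bits = (st->st_mode >> 6) & 7;
    else if (st->st_gid == gid) bits = (st->st_mode >> 3) & 7;
    else                        bits = st->st_mode & 7;
    return (bits & want) == want;
}

/* Would fopen("<config_file>.new", "wt") succeed for this uid/gid?
 * dir  = stat of the directory holding the config file
 * newf = stat of an existing "<config_file>.new", or NULL if it is absent
 * The mode of the JSON file itself is not consulted by this open. */
bool can_open_new_file(const struct stat *dir, const struct stat *newf,
                       uid_t uid, gid_t gid)
{
    if (uid == 0) return true;                       /* root bypasses mode bits */
    if (!has_perm(dir, uid, gid, 1)) return false;   /* x: search the directory */
    if (newf == NULL)
        return has_perm(dir, uid, gid, 2);           /* w on dir: create entry */
    return has_perm(newf, uid, gid, 2);              /* w on file: truncate it */
}

int main(void)
{
    /* Constructed sample: root-owned 0755 directory, broker account 1000:1000 */
    struct stat dir = {0}, newf = {0};
    dir.st_mode = 0755;                              /* st_uid = st_gid = 0 */
    newf.st_mode = 0600;
    newf.st_uid = 1000;
    newf.st_gid = 1000;

    printf(".new absent:  %s\n",
           can_open_new_file(&dir, NULL, 1000, 1000) ? "open ok" : "open fails");
    printf(".new present: %s\n",
           can_open_new_file(&dir, &newf, 1000, 1000) ? "open ok" : "open fails");
    return 0;
}
```

To check a real host, fill the two `struct stat` values with `stat()` on the config directory and on the `.new` path, and pass the uid/gid the broker runs as.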