How to add ACL to MQTT AddOn

Hi,

I added the official MQTT add-on and set up different users.
Now I want to set up the ACLs so it is impossible to trigger certain switches via MQTT.

Can someone show me or link me to a tutorial how to set up ACLs with the Home Assistant add-on?

with kind regards

//EDIT1:

https://github.com/home-assistant/addons/blob/5d21f08245dd0fac4183169fe43848c05547c401/mosquitto/DOCS.md#access-control-lists-acls
seems out of date since the mentioned path is:
/usr/share/hassio/share
and on HAOS there is no hassio folder inside /usr/share/*

see: https://community.home-assistant.io/t/path-mqtt-acl-missing/434464

The folder you are looking for in HAOS is /share/mosquitto

You will need to also install the Samba add-on to access that folder as it is within a container.

And if I remember correctly you will probably need to create the mosquitto folder by hand.

Hope it’s of help

OK, now I am confused ( :

I can access /share via SSH; I can also open it via SCP in case there needs to be a file transferred.
Why would I need Samba? And which container do you reference?

You have never said a thing about your Home assistant system so I took the liberty to guess your system.

It looks like I was wrong.

Oh, you are right :smiley:

And no, you are not wrong; I run HAOS inside a VM on a Proxmox host.

Well, it makes it a bit easier to get to the folders that contain the config files.
However, SSH/SCP works as well, as long as you are sure you're in the HAOS config folders.
But I have a gut feeling you're actually SSH'ing into something else, maybe the main Docker image?

When using the Samba add-on it will go directly to the HAOS Docker container that has all the config files.

However, if you are in the correct config folder when SSH’ing in then you can follow the steps 2 & 3 from the setup page ( addons/mosquitto/DOCS.md at 5d21f08245dd0fac4183169fe43848c05547c401 · home-assistant/addons · GitHub )

Step 2. Create /share/mosquitto/acl.conf with the contents:

acl_file /share/mosquitto/accesscontrollist

Step 3. Create /share/mosquitto/accesscontrollist with the contents:

user addons
topic readwrite #

user homeassistant
topic readwrite #

user [YOUR_MQTT_USER]
topic readwrite #

Step 1 is done with the MQTT add-on config through the add-on page in the web GUI.
Step 1. Enable the customize flag

  customize:
    active: true
    folder: mosquitto

Question: when you SSH in, does the folder structure above the share folder look like this?

addons
backup 
config
media
share
ssh

If yes, you are in the correct location.
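
An added example, not part of the original thread and not Mosquitto's own code: a simplified Python check of which topics a user may read or write under an ACL file in the Step 3 format, so a restrictive list can be tested before it is copied to /share/mosquitto/accesscontrollist. The user `admin` and the `tele/#` and `cmnd/garage/#` entries are constructed sample values, and only `user` sections and `topic` lines are handled.

```python
# Added example: simplified evaluator for a Mosquitto-style ACL file.
# Handles only `user` sections and `topic [read|write|readwrite|deny] <filter>`.

SAMPLE_ACL = """\
user homeassistant
topic read tele/#

user admin
topic readwrite #
topic deny cmnd/garage/#
"""  # constructed sample; user names and topics are assumptions

def topic_matches(filt, topic):
    """MQTT filter match: '+' is one level, '#' is the remainder."""
    f, t = filt.split("/"), topic.split("/")
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False  # first-level wildcards never match $-prefixed topics
    for i, part in enumerate(f):
        if part == "#":
            return True  # also matches the parent level: a/# matches a
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def parse_acl(text):
    """Return {user: [(access, filter), ...]} from ACL file text."""
    rules, user = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, _, rest = line.partition(" ")
        if key == "user":
            user = rest.strip()
            rules.setdefault(user, [])
        elif key == "topic" and user is not None:
            access, _, filt = rest.strip().partition(" ")
            if access not in ("read", "write", "readwrite", "deny"):
                access, filt = "readwrite", rest.strip()  # access omitted
            rules[user].append((access, filt.strip()))
    return rules

def allowed(rules, user, action, topic):
    """action is 'read' or 'write'; no matching rule means denied."""
    hits = [a for a, f in rules.get(user, []) if topic_matches(f, topic)]
    if "deny" in hits:
        return False  # deny wins over any broader grant
    return any(a in (action, "readwrite") for a in hits)
```

With the sample list, `allowed(parse_acl(SAMPLE_ACL), "homeassistant", "write", "cmnd/plug1/POWER")` is `False`, while the same user can still read `tele/plug1/STATE`.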

I use the Terminal add-on to enable SSH.
My structure looks like the attached picture.

But I have no clue about Docker and no knowledge of how to use Docker.
I'll try the link and create the mosquitto folder etc. to try to get it working ( :

//EDIT1:

aaand I fail at the 1st step: Enable the customize flag
Where does this belong? The main configuration.yaml or somewhere else?

Steps 2 and 3 were successful (:smiley:

HAOS is built using Docker containers (like a disk image), and Docker is a program that manages the containers by starting/stopping the containers/disk images.

However, HAOS hides most of that from the user to make it easier to maintain the system, because the Docker subsystem is rather complicated. In short, you have no need to know Docker when using HAOS, as it's done for you.

But Docker is good to know :wink:

PS I have edited the post above to help with the steps

Thanks <3
Yeah, I know what Docker is and tried it a few times, but I really don't like it so I tend to avoid it.
LXC on the other hand is a dream :smiley:

Though I love the HAOS approach where I don't need to know anything about Docker <3

I now just have to figure out if it worked ^^ → use MQTT Explorer with a custom user to check if it works.
And yes it does :smiley:

thanks @Akriss

Now I just have to figure out how the MQTT structure works, what the difference between tele and cmnd is, and why one device is in 4 different “groups” :'D

all so just that only 2 users can actually control mqtt and to block home assistant from being able to flip my switches :'D