What I want to do is to allow_anonymous true and block unauthenticated users to certain topics.
I've tried the following but it doesn't seem to work as an anonymous client can still connect.
# anonymous users
topic deny /my/topic
# other topics should be fine...
user special
topic readwrite /my/topic
The following example works as intended:
mosquitto.conf
allow_anonymous true
password_file passwd
acl_file acl
listener 1883 0.0.0.0
acl
topic deny foo
topic read #
user user
topic readwrite #
passwd
user:$7$101$efdj3nwLSpxELFhx$wB9Hls8c26//DFQdGMxb1gQt1muwNmdCMsbb1EZZjOV7Nc+fpTPVn9avsQQU2TF0gkJ3wXZjoltWrSAhSDLY2g==
anonymous user subscribed to both foo and bar topics
mosquitto_sub -v -t foo -t bar
bar test-bar
authenticated user publishing to both foo and bar topics
mosquitto_pub -u user -P secret -t foo -m test-foo
mosquitto_pub -u user -P secret -t bar -m test-bar
As you see, the anonymous user only sees messages on the bar topic
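The behaviour shown in the answer can be reproduced offline with a small model of the acl file. This is an added example, not part of the original answer and not Mosquitto's own code; the function names are hypothetical, and it assumes deny rules are checked before grants, that the leading section without a user line applies only to anonymous clients, and that there are no pattern lines.

```python
# Simplified model of Mosquitto ACL-file checks (added example, not broker code).
# Assumes: no "pattern" lines; deny before grants; first section = anonymous only.
ACL_TEXT = """\
topic deny foo
topic read #
user user
topic readwrite #
"""  # the acl file shown in the answer

def parse_acl(text):
    """Return {username or None (anonymous): [(access, topic_filter), ...]}."""
    acl, current = {None: []}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            current = rest.strip()
            acl.setdefault(current, [])
        elif keyword == "topic":
            access, _, flt = rest.strip().partition(" ")
            if access not in ("read", "write", "readwrite", "deny"):
                access, flt = "readwrite", rest  # no access type given
            acl[current].append((access, flt.strip()))
    return acl

def matches(flt, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    if flt.startswith("$") != topic.startswith("$"):
        return False  # wildcards do not cross into $-prefixed topics
    f, t = flt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def allowed(acl, username, topic, action):
    """action: 'read' (delivery to a subscriber) or 'write' (publish)."""
    rules = acl.get(username, [])
    if any(a == "deny" and matches(f, topic) for a, f in rules):
        return False
    return any(a in (action, "readwrite") and matches(f, topic) for a, f in rules)

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for who, topic in [(None, "foo"), (None, "bar"), ("user", "foo")]:
        print(who, topic, "read:", allowed(acl, who, topic, "read"))
```

The model covers per-topic checks only; whether an anonymous client may connect at all is decided by allow_anonymous, not by the acl file.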