在v5.3.2版本的EMQX中设置如下ACL规则,希望实现不同用户之间的设备信息不能互相访问,结果是各用户都收不到信息(包括用户自己的设备信息),请问是什么原因?

EMQX
1

ACL规则如下
{allow, {user, “%u”}, publish, [“users/%u/up/#”]}.
{allow, {user, “%u”}, subscribe, [“users/%u/dn/#”]}.
{allow, {user, “%u”}, subscribe, [“users/%u/notification”]}.
{deny, all}.
实际运行结果是各用户均收不到信息(包括自己名下的),请教各位老师,该如何修改?

2

emqx.conf配置如下所示
node
{

  name = "emqx@127.0.0.1"

  cookie = "emqxsecretcookie"

  data_dir = "data"

  }

cluster
{

  name = emqxcl

  discovery_strategy = manual

}

dashboard
{

 listeners.http 
  { 
    
   bind = 18083

   }

}

listener.ssl.external = 8883

Allow anonymous connections (MUST be false in production)

allow_anonymous = false

Authentication configuration

authentication = [
{
backend = “built_in_database”
mechanism = “password_based”
user_id_type = “username”
enable = true
}
]

Authorization configuration

authorization {
no_match = deny
deny_action = ignore

cache {
enable = true
max_size = 32
ttl = 1m
}

sources = [
{
type = file
enable = true
path = “C:/emqx-5.3.2-windows-amd64/etc/acl.conf”
}
]
}

3

ACL 主题方向配反了:你现在只允许发布 users/%u/up/#,但订阅放在 users/%u/dn/#,如果业务消息发在 up,任何客户端都不会收到(包括自己)。

按 v5.3.2 改成最小可用规则(用 ${username} 占位符):

{allow, all, publish, ["users/${username}/up/#"]}.
{allow, all, subscribe, ["users/${username}/up/#", "users/${username}/dn/#", "users/${username}/notification"]}.
{deny, all}.

改完后重载并验证:

  1. 确认实际生效文件是 data/authz/acl.conf(如果你在 Dashboard 改过,EMQX 不再读 etc/acl.conf)。
  2. mqttx 让同一用户名的发布端发 users/<用户名>/up/test,订阅端订 users/<用户名>/up/#,应能立即收到。
  3. 再用另一个用户名订阅 users/<你的用户名>/#,应被拒绝。
4

非常感谢,按照您的指导修改了ACL文件,重载后,现象依旧(除了超级用户,普通用户看不到自己的数据),还请老师帮忙分析是哪里没有设置对

9422a9219f20025a6e4503d9418e8343
9422a9219f20025a6e4503d9418e8343819×481 13.8 KB

1b0d3c0c43674c4e5addb64cd0db75ca
1b0d3c0c43674c4e5addb64cd0db75ca1261×310 28.7 KB

5

如上图所示,尾号4370的用户和3512的用户是超级用户,可以看到数据,普通用户0630看不到自己的数据,如果把ACL文件的最后一句去掉,三个客户端各种都能看到所有数据(但是没有达到每个用户只能看到自己的数据的目的)

微信图片_20260311142304_287_9
微信图片_20260311142304_287_91920×1080 192 KB

6

结论:普通用户现在是 ACL 规则没命中,然后被最后一条 {deny, all}. 拦截了;超级用户会绕过授权,所以看起来“只有超级用户正常”。
先按这个最小规则核对一遍(注意全部使用英文半角引号):

{allow, all, publish, ["users/${username}/up/#"]}.
{allow, all, subscribe, ["users/${username}/up/#", "users/${username}/dn/#", "users/${username}/notification"]}.
{deny, all}.

重点检查 3 件事:

  1. 占位符和引号:必须是 ${username},不能是 %u,也不能是中文引号 “”
  2. 实际生效的授权源:你现在到底在用 file 还是 Dashboard 里的 built-in authorization。不要一边改 acl.conf,另一边实际命中的是别的 source。
  3. 普通用户登录身份:认证 user_id_type = username 时,主题里的 ${username} 必须和登录用户名完全一致(比如 0630)。
    为了快速定位,请贴这 4 段原始文本(不要截图):
  • authorization { ... } 整段配置(尤其 sources 顺序和 no_match
  • 当前生效的 ACL 规则全文
  • 普通用户 0630 的一次 CONNECT / SUB / PUB 客户端参数(username、订阅主题、发布主题)
  • 对应时间段 emqx.log 里 authz debug 相关日志
    你把这几段贴出来

对了,改了要重启哈(如果你不是在 dashboard 上改的话)

7

PS C:\emqx-5.3.2-windows-amd64\bin> .\emqx_ctl conf show authorization
authorization {
cache {
enable = true
max_size = 32
ttl = 1m
}
deny_action = ignore
no_match = allow
sources = [
{
enable = true
path = “data/authz/acl.conf”
type = file
}
]
}

image
image1187×501 24.8 KB

image
image1376×441 47.3 KB

3b90ca80-b6c8-43f3-9e62-58859bbcd80d
3b90ca80-b6c8-43f3-9e62-58859bbcd80d1274×446 58.7 KB

精准追踪日志如下文所示
2026-03-11T15:57:42.365000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A32322C223330373132223A382C223330373133223A36353531302C223330373134223A36353435382C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A367D, size: 687, type: hex
2026-03-11T15:57:42.364652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:22,“30712”:8,“30713”:65510,“30714”:65458,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:6})
2026-03-11T15:57:42.365000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:57:46.459000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30B005001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A36353533322C223330373132223A31302C223330373133223A36353531342C223330373134223A36353435372C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137352C223330373233223A3137352C223330373234223A3137352C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A327D, size: 691, type: hex
2026-03-11T15:57:46.458652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:65532,“30712”:10,“30713”:65514,“30714”:65457,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:175,“30723”:175,“30724”:175,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:2})
2026-03-11T15:57:46.459000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:57:50.585000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A34362C223330373132223A382C223330373133223A36353530392C223330373134223A36353435322C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137352C223330373233223A3137352C223330373234223A3137352C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A367D, size: 687, type: hex
2026-03-11T15:57:50.583652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:46,“30712”:8,“30713”:65509,“30714”:65452,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:175,“30723”:175,“30724”:175,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:6})
2026-03-11T15:57:50.585000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:57:54.615000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A382C223330373132223A31302C223330373133223A36353530392C223330373134223A36353435332C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137352C223330373233223A3137352C223330373234223A3137352C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A327D, size: 687, type: hex
2026-03-11T15:57:54.614652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:8,“30712”:10,“30713”:65509,“30714”:65453,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:175,“30723”:175,“30724”:175,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:2})
2026-03-11T15:57:54.615000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:57:58.600000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30B005001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A36353533302C223330373132223A31302C223330373133223A36353530392C223330373134223A36353435342C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137352C223330373233223A3137352C223330373234223A3137352C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A367D, size: 691, type: hex
2026-03-11T15:57:58.599652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:65530,“30712”:10,“30713”:65509,“30714”:65454,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:175,“30723”:175,“30724”:175,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:6})
2026-03-11T15:57:58.600000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:02.631000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: C000, size: 2, type: hex
2026-03-11T15:58:02.630652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PINGREQ(Q0, R0, D0)
2026-03-11T15:58:02.630652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_sent, packet: PINGRESP(Q0, R0, D0)
2026-03-11T15:58:03.084000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A32322C223330373132223A382C223330373133223A36353531312C223330373134223A36353435322C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A327D, size: 687, type: hex
2026-03-11T15:58:03.083652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:22,“30712”:8,“30713”:65511,“30714”:65452,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:2})
2026-03-11T15:58:03.084000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:06.818000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A31352C223330373132223A382C223330373133223A36353531322C223330373134223A36353435312C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A367D, size: 687, type: hex
2026-03-11T15:58:06.817652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:15,“30712”:8,“30713”:65512,“30714”:65451,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:6})
2026-03-11T15:58:06.818000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:10.837000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AB05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A382C223330373132223A392C223330373133223A36353531322C223330373134223A36353435332C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A327D, size: 686, type: hex
2026-03-11T15:58:10.833652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:8,“30712”:9,“30713”:65512,“30714”:65453,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:2})
2026-03-11T15:58:10.837000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:14.818000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A32392C223330373132223A382C223330373133223A36353530382C223330373134223A36353435302C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A367D, size: 687, type: hex
2026-03-11T15:58:14.817652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:29,“30712”:8,“30713”:65508,“30714”:65450,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:6})
2026-03-11T15:58:14.818000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:18.912000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AC05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A322C223330373132223A31302C223330373133223A36353530392C223330373134223A36353434382C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A337D, size: 687, type: hex
2026-03-11T15:58:18.911652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:2,“30712”:10,“30713”:65509,“30714”:65448,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:3})
2026-03-11T15:58:18.912000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:23.865000+08:00 [debug] msg: raw_bin_received, mfa: emqx_connection:when_bytes_in/3(778), peername: 121.228.59.77:10913, clientid: 632419622, bin: 30AF05001531383335313638303336302F3633323431393632327B223330373136223A3530302C223330373130223A302C223330373131223A36353532392C223330373132223A392C223330373133223A36353530392C223330373134223A36353435342C223330373235223A323433372C223330373137223A323531392C223330373138223A323335352C223330373139223A3136342C223330373135223A3137342C223330373233223A3137342C223330373234223A3137342C223330353938223A302C223330353937223A302C223330353939223A3539302C223330373031223A3231302C223330363739223A31303030302C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223635353335223A36353533352C223330373939223A377D, size: 690, type: hex
2026-03-11T15:58:23.864652+08:00 [MQTT] 632419622@121.228.59.77:10913 msg: mqtt_packet_received, packet: PUBLISH(Q0, R0, D0, Topic=18351680360/632419622, PacketId=undefined, Payload={“30716”:500,“30710”:0,“30711”:65529,“30712”:9,“30713”:65509,“30714”:65454,“30725”:2437,“30717”:2519,“30718”:2355,“30719”:164,“30715”:174,“30723”:174,“30724”:174,“30598”:0,“30597”:0,“30599”:590,“30701”:210,“30679”:10000,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“65535”:65535,“30799”:7})
2026-03-11T15:58:23.864652+08:00 [AUTHZ] 632419622@121.228.59.77:10913 msg: authorization_module_nomatch, ipaddr: {121,228,59,77}, module: emqx_authz_client_info, pub_sub: [action_type: publish, qos: 0, retain: false], topic: 18351680360/632419622, username: 18351680360
2026-03-11T15:58:23.865000+08:00 [warning] msg: authorization_permission_denied, mfa: emqx_authz:authorize_non_superuser/5(489), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, ipaddr: {121,228,59,77}, source: file, username: <<“18351680360”>>
2026-03-11T15:58:23.865000+08:00 [warning] msg: cannot_publish_to_topic, mfa: emqx_channel:process_publish/2(641), peername: 121.228.59.77:10913, clientid: 632419622, topic: 18351680360/632419622, reason: not_authorized
2026-03-11T15:58:25.349652+08:00 [API] 632419622@ msg: trace_stopping,
trace-client-632419622.zip (7.5 KB)
emqxlog.zip (264.6 KB)

8

麻烦把日志压缩后上传一下。

9

image
image758×268 21.5 KB

两个 zip 包都打不开。

不过从最新贴出的原始日志看,根本原因已经比较明确了:,也不是“普通用户收不到订阅”本身,而是普通用户在发布阶段就已经被 ACL 拦截了。**

  1. 当前实际生效的授权源就是 File ACL
    你贴出的 emqx_ctl conf show authorization 显示:

    • sources = [{ enable = true path = "data/authz/acl.conf" type = file }]
    • 这说明当前生效的是 data/authz/acl.conf,不是最开始配置里的 etc/acl.conf
      官方文档也说明:如果通过 Dashboard 或 REST API 修改过 File Authorizer,EMQX 会把新规则保存到 data/authz/acl.conf,并且不再读取原文件:
      ACL 文件 - EMQX 文档

  2. 客户端实际发布的主题,和 ACL 规则设计的主题结构对不上
    你最新日志里已经有明确记录:

    • packet: PUBLISH(... Topic=18351680360/632419622, ...)
    • cannot_publish_to_topic ... topic: 18351680360/632419622, reason: not_authorized

    这说明客户端真正发布的主题是:

    • 18351680360/632419622

    但前面讨论里的 ACL 规则一直是按这种结构写的:

    • users/${username}/up/#
    • users/${username}/dn/#
    • users/${username}/notification

    也就是说,ACL 允许的是 users/... 结构的主题,而客户端实际上发的是 18351680360/632419622 这种结构,因此前面的 allow 规则根本匹配不到。

  3. File ACL 的匹配顺序决定了:前面没匹配上,最后的 deny 会直接拒绝
    官方文档说明,File ACL 是从上到下顺序匹配,一旦命中某条规则,就立即按该规则允许/拒绝,并停止继续匹配:
    ACL 文件 - 匹配顺序说明

    文档同时说明:

    • {deny, all} 是 ACL 文件末尾常用的兜底规则
    • 主题里支持的占位符是 ${username}${clientid},并且必须作为完整的主题层级使用
      参考:
      授权 - 主题占位符

  4. 为什么超级用户正常,而普通用户不正常
    官方文档说明:超级用户会跳过授权检查,优先级是:
    超级用户 > 权限数据 > 授权检查
    所以超级用户即使 ACL 没命中,也能正常发布/订阅;普通用户则会被 ACL 拦截。
    参考:
    授权 - 授权检查优先级

所以:

ACL 规则里配置的主题结构,与客户端实际使用的主题结构不一致。
客户端实际在发 18351680360/632419622,但 ACL 允许的是 users/${username}/...,所以普通用户的发布请求没有命中 allow 规则,最终被 {deny, all}. 拒绝,于是就出现了“普通用户连自己的数据也看不到”的现象。

建议下一步先统一这两件事:

  1. 先确认客户端到底实际使用什么主题格式
  2. 再按这个真实主题格式去写 ACL(而不是继续按 users/${username}/... 去猜)
10

非常感谢EMQX官方的详细解答,如果我客户端是确定 18351680360/632419622这种格式(前面是用户名,后面是设备S/N码),如下设置 ACL规则正确吗?
{allow, all, publish, [“${username}/#”]}.
{allow, all, subscribe, [“${username}/#”]}.
{deny, all}.

11

这个方向对,按你现在的主题格式可以这么配。关键是把no_match 设成 deny,并确认生效文件还是 data/authz/acl.conf
先用这版最小规则:

{allow, all, publish, ["${username}/#"]}.
{allow, all, subscribe, ["${username}/#"]}.
{deny, all}.

如果你的真实业务是“用户名/设备SN”固定两层,建议再收紧,避免误放大权限

{allow, all, publish, ["${username}/+"]}.
{allow, all, subscribe, ["${username}/+"]}.
{deny, all}.

验证方式:

  1. 用户 18351680360 订阅 18351680360/#,自己发布 18351680360/632419622,应通过。
  2. 另一个普通用户订阅 18351680360/#,应被拒绝。
    如果第 2 步没拒绝,把 emqx_ctl conf show authorizationdata/authz/acl.conf 当前全文再贴一下来看看。
12

成功了,按照您的指导,达到了预期目的(1,2验证正确),不同账号之间的设备隔离开了,非常感谢贵司的耐心指导!

PS C:\emqx-5.3.2-windows-amd64\bin> .\emqx ctl conf show authorization
authorization {
cache {
enable = true
max_size = 32
ttl = 1m
}
deny_action = ignore
no_match = deny
sources = [
{
enable = true
path = “data/authz/acl.conf”
type = file
}
]
}

image
image1007×306 20.2 KB

总结一下:我这边对ACL的规则没有理解正确,导致ACL没有正确发挥作用,虽然问了AI,但是有些信息还是贵司给的精准,再次感谢 [zhongwencool]老师的大力支持。

1 个赞