From 15dd6dba7ea30c0f44dbe8e190a8ff5202cde087 Mon Sep 17 00:00:00 2001
From: Matt White <matt@hardac.co.uk>
Date: Thu, 14 Jun 2018 23:38:58 +0100
Subject: [PATCH] Add section on Mosquitto ACLs (#5542)

* Add section on Mosquitto ACLs

* Fix typo
---
 source/_addons/mosquitto.markdown | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/source/_addons/mosquitto.markdown b/source/_addons/mosquitto.markdown
index d6c188355ce..2150b1a3080 100644
--- a/source/_addons/mosquitto.markdown
+++ b/source/_addons/mosquitto.markdown
@@ -18,7 +18,8 @@ Set up [Mosquitto](https://mosquitto.org/) as MQTT broker.
   "ssl": false,
   "anonymous": true,
   "logins": [
-    {"username": "testuser", "password": "mypw"}
+    {"username": "testuser", "password": "mypw"},
+    {"username": "testuser2", "password": "mypw2"}
   ],
   "customize": {
     "active": false,
@@ -76,3 +77,22 @@ protocol mqtt
 <p class='note warning'>
 It's recommended that you only open your firewall to the SSL/TLS port (8883) and only use the insecure port (1883) for local devices. Also, disable `anonymous:` and set `logins:`.
 </p>
+
+### {% linkable_title Access Control Lists (ACLs) %}
+
+It is possible to restrict access to topics based upon the user logged in to Mosquitto. In this scenario it is recommended to create individual users for each of your clients and create an appropriate ACL.
+
+See the following links for more information:
+
+* [Mosquitto topic restrictions](http://www.steves-internet-guide.com/topic-restriction-mosquitto-configuration/)
+* [Mosquitto.conf man page](https://mosquitto.org/man/mosquitto-conf-5.html)
+
+Add the following configuration to enable ACLs:
+
+1. Set `customize` flag to `true` in your configuration.
+2. Create a file in `/share/mosquitto` named `acl.conf` with the following contents:
+
+```text
+acl_file /share/mosquitto/accesscontrollist
+```
+3. Create a file in `/share/mosquitto` named `accesscontrollist` and add contents according to your requirements.