On Mon, Feb 08, 2021 at 03:47:27PM -0500, Alex wrote:
> I still have to consider much of what you've written before I can
> respond, but I wanted to be sure my design was clear here - it's not
> so much that end-users are modifying the config in the same way as
> webmin does, like making changes directly to main.cf, but type in the
> name of a new domain to be added to relay_domains, for example. The
> script then then modifies main.cf to apply that change.
If the goal is to just modify *data* elements in main.cf, and not
structural settings, then in the vast majority of cases specific
data elements can be set via separate files or database tables.
# File with one domain per-line
#
relay_domains = ${config_directory}/relay_domains
# An indexed file with ignored non-empty RHS
#
relay_domains = cdb:${config_directory}/relay_domains
# An LDAP table, with data managed centrally.
#
relay_domains = ldap:${config_directory}/relay_domains.cf
...
As much as possible, avoid pasting user-provided strings directly
into main.cf and master.cf.
For directly editing the files, one might employ a git repository
to which only authorised administrators can push commits, and where
to keep routine changes simple there's separation between a template
for expert users and parameter values applied to the template that
are ideally less error-prone in the hands of less-expert users.
--
Viktor.
