Alex wrote:
> Yes, it's a web front-end, using apache and php-fpm.
> It's written using laravel and PHP.

It relieves me (Whew!) that it is not using WP which historically has
had deep security vulnerabilities quite often.  And therefore in the
situation you are proposing would be a likely stepping stone,
cascading into whole system vulnerabilities.

> I figured that if main.cf was owned by root and group writable, the
> regular user would be able to edit it, then use sudo to reload/restart
> when necessary. Apache is running as user "apache" while the php-fpm
> user is "developer". The developer account is not in the same group as
> the apache user.
> 
> This is the age-old problem with having a web-based application.

Yes.  [[ And I have a mental model that databases are often used as a
layer to adapt between the two different user account permission systems. ]]

It seems to me that if you have confidence in the security of your web
UI application that it could safely use sudo to edit, modify, install,
update configuration files.  Assuming that the processes that do this
are data "taint" safe and sufficiently paranoid.  And then also use
sudo to reload postfix after having changed those files.  In which
case the files would remain owned by root:root and the interface to
modifying them would use sudo.  The ultimate security of the system
would still rest with the security of the web UI.

This still leaves me curious as to the need for this management
interface.  Setting up the Apache, PHP-FPM, Laravel, and associated
web management framework, and sudo, on the system natively would be
more complex than setting up Postfix natively.

Bob
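
One way to build the "taint safe" sudo helper described above, as an added example that is not part of the original message or of anyone's actual setup. The helper name, the allowlist of parameters, and the binary paths are assumptions; main.cf stays root:root and the web UI never writes it directly.

```python
#!/usr/bin/env python3
# Hypothetical helper, e.g. /usr/local/sbin/postfix-set, owned by root, mode 0755.
# Assumed sudoers rule granting only this one command to the php-fpm user:
#   developer ALL=(root) NOPASSWD: /usr/local/sbin/postfix-set
import re
import subprocess
import sys

# Assumed allowlist: the only main.cf parameters the web UI may change,
# each with a strict pattern for its value.
ALLOWED = {
    "message_size_limit": re.compile(r"[0-9]{1,10}"),
    "myhostname": re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?"),
    "relayhost": re.compile(r"(\[[A-Za-z0-9.-]{1,253}\](:[0-9]{1,5})?)?"),
}

def validate(name, value):
    """Return 'name=value' if allowlisted and well-formed, else raise ValueError."""
    pattern = ALLOWED.get(name)
    if pattern is None:
        raise ValueError(f"parameter not allowed: {name!r}")
    # fullmatch() must consume the whole string, so embedded newlines,
    # spaces, '$' expansions and extra 'key=value' pairs are all rejected.
    if not isinstance(value, str) or pattern.fullmatch(value) is None:
        raise ValueError(f"bad value for {name}: {value!r}")
    return f"{name}={value}"

def apply_setting(name, value, run=subprocess.run):
    """Validate, then edit main.cf via postconf and reload Postfix."""
    setting = validate(name, value)
    # argv lists, never a shell string: the value is passed as one argument.
    run(["/usr/sbin/postconf", "-e", setting], check=True)
    run(["/usr/sbin/postfix", "check"], check=True)   # refuse to reload a broken config
    run(["/usr/sbin/postfix", "reload"], check=True)
    return setting

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: postfix-set PARAMETER VALUE")
    try:
        print("applied", apply_setting(sys.argv[1], sys.argv[2]))
    except ValueError as err:
        sys.exit(f"rejected: {err}")
```

With this shape the web application can only request changes the helper's allowlist permits, so a compromise of the UI is limited to those parameters rather than arbitrary root file edits.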
