I've been developing a web app with the intention of eventually making it available as a VM on AWS and Azure. One of the challenges I'm not sure how to deal with is providing the user a way of being able to configure various parameters without giving them admin-type permissions. As an example, I am running the LDAP module and the user will need to change the Active Directory domain to their own domain name and the name servers to their own DNS servers. Another example would be being able to set the SMTP settings to their own email accounts/servers etc. There are quite a few other customizable options they will also need to be able to tweak.

I would like to have a Control Panel of sorts where just the various fields they need to modify are all in one area/page which I can secure.  I could probably do it with a SQL script or with a Bash script but those would need CLI access and I would prefer not to make the CLI available.  

How do you guys go about keeping the web server and Drupal config highly secure but allow some partial module config modifications?

Appreciate any thoughts or ideas you have.

Comments

gisle

How do you guys go about keeping the web server and Drupal config highly secure but allow some partial module config modifications?

You certainly don't want to give CLI-access to untrusted users. That is a major vulnerability.

I create a custom Drupal module that wraps up interaction between the users and the site settings, allowing me to fine-tune that interaction to a T.

- gisle
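A sketch of the kind of wrapper module described in the comment above, added here as an illustration and not code posted by anyone in this thread. It assumes Drupal 7's hook API; the module name `appliance_panel`, the path `appliance-settings` and the permission name are hypothetical, and the variable names `smtp_host` and `smtp_port` are assumed to be the ones the SMTP module reads.

```php
<?php
// appliance_panel.module (hypothetical module name; Drupal 7 hook API assumed).

/** Implements hook_permission(): a narrow permission, separate from site administration. */
function appliance_panel_permission() {
  return array('configure appliance settings' => array(
    'title' => t('Configure appliance settings'),
    'restrict access' => TRUE,
  ));
}

/** Implements hook_menu(): a single page, reachable only with that permission. */
function appliance_panel_menu() {
  $items['appliance-settings'] = array(
    'title' => 'Appliance settings',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('appliance_panel_form'),
    'access arguments' => array('configure appliance settings'),
  );
  return $items;
}

/** Form builder: the fields listed here are the only values this page can write. */
function appliance_panel_form($form, &$form_state) {
  // Assumption: these variable names match the ones the SMTP module reads.
  $form['smtp_host'] = array(
    '#type' => 'textfield', '#title' => t('SMTP server'),
    '#default_value' => variable_get('smtp_host', ''), '#required' => TRUE,
  );
  $form['smtp_port'] = array(
    '#type' => 'textfield', '#title' => t('SMTP port'),
    '#default_value' => variable_get('smtp_port', '25'), '#required' => TRUE,
  );
  // system_settings_form() stores each submitted field as a variable of the same name.
  return system_settings_form($form);
}

/** Validation: accept only a plain host name or address and a numeric port in range. */
function appliance_panel_form_validate($form, &$form_state) {
  $host = (string) $form_state['values']['smtp_host'];
  $port = (string) $form_state['values']['smtp_port'];
  if (!preg_match('/^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/', $host)) {
    form_set_error('smtp_host', t('Enter a host name or IPv4 address.'));
  }
  if (!ctype_digit($port) || (int) $port < 1 || (int) $port > 65535) {
    form_set_error('smtp_port', t('Enter a port between 1 and 65535.'));
  }
}
```

The permission would be granted to a dedicated role for the customer's operator, so that account can reach this one form without holding any of Drupal's administrative permissions. A Drupal 7 module also needs a matching `.info` file before it can be enabled.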

guymandude

Thanks Gisle. You make it sound easy...lol. As a non coder, creating a module for this is probably a little beyond my skill. What do you think about using a web service for it?

gisle

A web service is something remote that interacts with your site over the web. As the settings you want to change are in the site's own database, I do not understand how that is supposed to work.

- gisle

guymandude

My thoughts were to use a free REST tool like Insomnia which I could populate with all the various calls. I could then share the profile which a client could import into their own Insomnia, tailor to their own environment, then run. The server is going to be a virtual machine running on their internal network so the calls wouldn't be going over the Internet.

gisle

How will you get the settings from the REST tool into the database?

- gisle

guymandude

Through a web service. The Services module in this case.