Permissions to not encourage admin-usage.
Although we do not expect users to edit the various templates which symbiosis ships with this is an option.
The general approach with Symbiosis is that the admin-user is the user that should be used. Unfortunately the file-permissions don't make that easy:
admin@symb:~$ ls -l /etc/symbiosis/
drwxr-xr-x 2 root root 4096 Dec 15 12:23 apache.d
drwxr-xr-x 5 root root 4096 Nov 21 12:18 backup.d
drwxr-xr-x 2 root root 4096 Nov 21 12:18 dns.d
drwxr-xr-x 8 admin admin 4096 Nov 21 12:14 firewall
drwxr-xr-x 2 root root 4096 Dec 15 12:23 monit.d
drwxr-xr-x 11 root root 4096 Dec 15 12:23 test.d
drwxr-xr-x 2 root root 4096 Dec 15 12:23 xmpp.d
On a pristine installation of symbiosis, from our imager, only the firewall directory is correctly writeable. This means that any user who wants to change the Apache template has to become root, for example.