@fln I think we do not fully understand each other.
While I understand the way Directadmin is doing things currently there are a lot of things where I personally disagree with in comparison to previous years and get strongly the feeling that we are being forced to go one route.
I fully understand that there are things that require root access in order to being fixed, like you said if you are being blacklisted. To make more sense of my way of thinking I'll explain a bit what our use-case is.
We are a service provider that do the management of said servers for a customer.
1. Customers buys a VPS or dedicated server from us, including a Directadmin license + Cloudlinux.
2. We install/deploy the server and only give Directadmin login from the admin user to the customer.
3. We do the management of said servers for the customer.
We run a centralized config management system that will set all the correct configs for the server, makes sure certain options are set in Cloudlinux and ensures our scripts are on there so it makes managing the server for us easier.
If a customer has a problem with their server or needs a change to anything, customer contacts us and we make the change if its needed.
All of this time the customer never gets full root access to the server and is only able to login as admin.
Changing web server configs, like you said is a lot less harmfull then having the PHP mode being changed from lsphp to mod_php or php-fpm and run a build for this will break a lot more things. the Cloudlinux PHP selector does not work with mod_php and php-fpm.
Example: We use Cloudlinux and mysql-governor ( cl-MariaDB-10.4 ).
A while back we had a customer that made the change in custombuild to have it install MariaDB 10.6 from the original repositories and ran the build for this, next up we get a ticket from the customer that some things in MySQL are not working correctly anymore. on checking this server we saw cl-MariaDB-10.4 installed and all of its packages + MariaDB-10.6 packages from the normale repo's. You can understand that this will interfere with each other.
Customer blamed us that we broke it all since he had "no root" access. Upon checking the logs we could clearly see that changes where made from within Directadmin.
You could still enable them by chaning CB config, but that would not be something you could do by accident (same like messing up config files).
When someone is saying this it makes me wonder if they ever worked in such an industry as myself. People / customers like to click, they click on everything they see without reading and knowing any consequences that are coming with doing such things. So yes, they are able to f**k this up by accident in some way. And I want to prevent this from even being a option in the first place. Less hassle for everyone and I can have my well earned night sleep.
Having CB being less intrusive is also a option but wont fit our use-case and I think others on the forum as well. Being able to control whether to see / use this from within Directadmin or not would suit us a lot better.