Thank you Craig and Ilya - I now see where I was approaching this from the wrong direction.
The overall framework I'm trying to get happening is to use a supplementary group for the users and files to be maintained outside /etc/postfix and some "simple" glue-scripts to move the modified files into place with the appropriate ownership, mode etc. That should be simple enough to keep (relatively) secure. The point about the dangers of allowing "untrusted" users to tweak things like /etc/postfix/master.cf is a good one too - but that shouldn't be a problem as I'm targeting things like virtual users, relaydomains etc.

Regards,
Neale.

