User Management

Vapor provides comprehensive Linux user and group management capabilities through an intuitive web interface. Manage system users, groups, permissions, and SSH access.

Prerequisites

• Root or sudo privileges for user management operations
• Understanding of Linux user/group concepts
• SSH service running (for SSH key management)

Navigating to User Management

1. From the main menu, click on Users
2. The user management interface opens with a list of system users

User Management

User List View

The main view displays all system users with:

• Username: Login name
• UID: User ID number
• Full Name: User's real name
• Primary Group: Main group membership
• Home Directory: User's home path
• Shell: Default shell
• Status: Enabled/Disabled
• Last Login: Most recent login time

Creating Users

Quick Create

1. Click Create User
2. Fill in basic information:
   • Username: Login name (required)
   • Full Name: Real name (optional)
   • Password: Initial password
   • Email: Contact email
3. Click Create

Advanced User Creation

For more control, expand Advanced Options:

Account Settings

• UID: Specific user ID (auto-assigned if empty)
• Primary Group: Main group membership
• Additional Groups: Secondary groups
• Home Directory: Custom home path
• Shell: User's login shell
• Expiry Date: Account expiration

Password Policy

• Force Change: Require password change on first login
• Minimum Days: Between password changes
• Maximum Days: Password validity period
• Warning Days: Before expiration warning
• Inactive Days: Grace period after expiration

Security Options

• Sudo Access: Grant administrative privileges
• SSH Access: Allow SSH login
• Account Locked: Disable login
• Password Disabled: No password authentication

Managing Existing Users

Edit User

1. Click on a username or the Edit button
2. Modify user properties:
   • Personal information
   • Group memberships
   • Shell and home directory
   • Account settings
3. Click Save Changes

Reset Password

1. Click Reset Password in user actions
2. Enter new password
3. Optionally force change on next login
4. Click Reset

Lock/Unlock Account

• Lock: Temporarily disable user login
• Unlock: Re-enable user access
• Preserves user data and settings

Delete User

1. Click Delete in user actions
2. Choose deletion options:
   • Keep Home Directory: Preserve user files
   • Remove Home: Delete all user data
   • Remove Mail Spool: Delete mail files
3. Confirm deletion

User Details

Click on a user to view detailed information:

Account Tab

• Login statistics
• Password age and policy
• Account expiration status
• Shell and environment

Groups Tab

• Primary group membership
• Secondary groups
• Available groups to join
• Group management actions

SSH Keys Tab

• Authorized SSH keys
• Key fingerprints
• Key types and comments
• Add/remove keys

Sudo Access Tab

• Current sudo privileges
• Sudoers file entries
• Command restrictions
• NOPASSWD settings

Activity Tab

• Login history
• Command history (if auditing enabled)
• Failed login attempts
• Session duration

Group Management

Group List

View all system groups:

• Group Name: Group identifier
• GID: Group ID number
• Members: User count
• Description: Group purpose
• Type: System or user group

Creating Groups

1. Click Create Group
2. Enter group information:
   • Group Name: Unique identifier
   • GID: Specific ID (optional)
   • Description: Group purpose
3. Add initial members (optional)
4. Click Create

Managing Groups

Edit Group

1. Click on group name
2. Modify:
   • Group members
   • Description
   • Group password (rarely used)
3. Save changes

Group Membership

Add/remove users from groups:

1. Select group
2. Click Manage Members
3. Add users from available list
4. Remove existing members
5. Click Update

Delete Group

1. Click Delete on group
2. Confirm no users have it as primary group
3. Confirm deletion

SSH Key Management

Viewing SSH Keys

For each user, view:

• Authorized keys list
• Key types (RSA, ED25519, etc.)
• Key fingerprints
• Key comments/labels
• Addition date

Adding SSH Keys

1. Navigate to user's SSH Keys tab
2. Click Add SSH Key
3. Paste public key content
4. Add descriptive comment
5. Click Add

Key Validation

Vapor validates SSH keys:

• Correct format
• Supported key type
• No duplicate keys
• Proper permissions set

Removing Keys

1. Select key to remove
2. Click Remove
3. Confirm removal

Sudo Management

Viewing Sudo Access

Check user's sudo privileges:

• Full sudo access
• Specific command access
• Host restrictions
• NOPASSWD settings

Granting Sudo Access

Simple Sudo

1. Edit user
2. Enable Sudo Access checkbox
3. User added to sudo/wheel group

Advanced Sudo

1. Click Advanced Sudo
2. Configure:
   • Commands: Specific allowed commands
   • Run As: User/group to run as
   • Hosts: Allowed hosts
   • NOPASSWD: Skip password prompt
3. Generate sudoers entry
4. Apply configuration

Sudoers File Management

View and edit sudoers configuration:

• User-specific rules
• Group rules
• Command aliases
• Defaults settings

Bulk Operations

Bulk User Creation

1. Click Bulk Create
2. Upload CSV file or paste data:

   username,fullname,email,groups
   jsmith,John Smith,jsmith@example.com,"users,developers"
   mjones,Mary Jones,mjones@example.com,"users,admins"

3. Map columns to fields
4. Review and confirm
5. Execute bulk creation

Bulk Modifications

1. Select multiple users
2. Choose bulk action:
   • Add to group
   • Remove from group
   • Lock accounts
   • Reset passwords
   • Delete users
3. Confirm and execute

Security Features

Password Policies

Configure system-wide policies:

• Minimum length
• Complexity requirements
• History restrictions
• Expiration settings

Account Monitoring

Monitor user activity:

• Failed login attempts
• Successful logins
• Privilege escalations
• Command execution

Access Control

Manage user access:

• SSH restrictions
• Sudo limitations
• Shell restrictions
• Home directory permissions

Integration Features

LDAP/AD Integration

Connect to directory services:

• Import users from LDAP
• Sync with Active Directory
• Map LDAP groups
• Single sign-on support

Two-Factor Authentication

Enable 2FA for users:

• TOTP support
• Backup codes
• Per-user enforcement
• Recovery options

Best Practices

User Management

1. Principle of Least Privilege: Grant minimal required access
2. Regular Audits: Review user accounts periodically
3. Strong Passwords: Enforce complexity requirements
4. Disable Unused Accounts: Lock or remove inactive users
5. Document Changes: Keep audit trail of modifications

Group Organization

1. Logical Grouping: Create groups by function/department
2. Avoid Over-Privileging: Don't add users to sudo unnecessarily
3. Use Secondary Groups: For additional permissions
4. Regular Review: Audit group memberships
5. Naming Conventions: Use consistent group names

SSH Security

1. Key-Based Auth: Prefer keys over passwords
2. Key Rotation: Regularly update SSH keys
3. Disable Root SSH: Don't allow direct root login
4. Monitor Access: Log SSH connections
5. Restrict Sources: Limit SSH from specific IPs

Troubleshooting

Login Issues

• Check account not locked
• Verify password not expired
• Ensure shell is valid
• Check home directory exists
• Review PAM configuration

Permission Problems

• Verify group membership
• Check file ownership
• Review sudo configuration
• Ensure proper umask
• Check SELinux/AppArmor

SSH Key Problems

• Verify key format
• Check file permissions (600)
• Ensure .ssh directory (700)
• Verify authorized_keys location
• Check SSH daemon config

CLI Commands

Common user management commands:

# User management
useradd username
usermod -aG group username
passwd username
userdel -r username

# Group management
groupadd groupname
groupmod -n newname oldname
groupdel groupname

# View information
id username
groups username
getent passwd username
last username

# SSH keys
ssh-keygen -t ed25519
ssh-copy-id user@host