When you mount your vfat partition you can pass a uid and gid option to set the userid and groupid the filesystem will be owned by. You can also set a file and directory permission mask. If the filesystem will be used by several people, consider creating a group and adding yourself as a member.
Your fstab should look something like this.
/dev/sdb1 /mnt/v1 vfat noauto,user,uid=blah,gid=blah 0 2
and your mount command would look like this.
mount -t vfat /dev/sdb1 /mnt/v1 -o uid=blah,gid=blah
You may also want to look at installing the pmount package to make mounting filesystems as a user easy.
Answer to questions in the comments.
1) is the fstab necessary also when I use the mount command?
If you want a user to be able to mount the command without using sudo, then yes.
2) do I have to be root for the mount command you gave me?
You could remove the noauto from the fstab, and the filesystem will be mounted at boot time. Or as a regular user they can mount with a command like mount /mnt/v1.
3) How do the changes in fstab become active?
Since you have used noauto, nothing will happen automatically. The entry just allows a user to be able to mount the filesystem.
Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to the java bin, will cause any java program to be run with this setting, which is undesirable, if not a security risk.
The long answer: you can redirect connections on port 80 to some other port you can open as normal user.
Run as root:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).
EDIT: as per comment question - to delete the above rule:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 redir ports 8088
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
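An added example (not part of the original answer) that applies the NOTE and the delete-by-number steps above: it parses the listing shown in the answer and flags every REDIRECT rule that hands a port below 1024 to a port any local user can bind. The function names and verdict labels are hypothetical; PREROUTING rule 3 and the OUTPUT chain are constructed sample lines.

```shell
#!/bin/sh
# Rules 1-2 of PREROUTING are the listing quoted in the answer; rule 3 and the
# OUTPUT chain are constructed sample lines so the script runs offline.
SAMPLE='Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 redir ports 8088
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
3 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8443

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 8080'

# audit_redirects: read `iptables -t nat --line-numbers -n -L` output on stdin
# and print "<chain> <num> <dport> <to-port> <verdict>" per REDIRECT rule.
# EXPOSED = a privileged port (<1024) is handed to a port any local user can bind.
audit_redirects() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $2 == "REDIRECT" {
            dport = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^dpt:[0-9]+$/) dport = substr($i, 5)
                if ($i == "ports" && $(i - 1) == "redir") to = $(i + 1)
            }
            if (dport == "" || to == "") next  # dport ranges are not handled here
            if (dport + 0 < 1024 && to + 0 >= 1024) verdict = "EXPOSED"
            else if (to + 0 >= 1024) verdict = "high-to-high"
            else verdict = "ok"
            print chain, $1, dport, to, verdict
        }'
}

# delete_cmds: print (never execute) the -D command for each EXPOSED rule,
# highest rule number first: deleting a rule renumbers the ones after it.
delete_cmds() {
    audit_redirects | awk '$5 == "EXPOSED"' | sort -k1,1 -k2,2nr |
        awk '{ print "iptables -t nat -D", $1, $2 }'
}

printf '%s\n' "$SAMPLE" | audit_redirects
printf '%s\n' "$SAMPLE" | delete_cmds
```

On a live system, pipe the real listing into audit_redirects as root instead of the embedded sample.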
Best Answer
The security mechanism is completely down to permissions on files and programs such as nfsd that run as root (overriding file permissions) and maintain their own security mechanisms. Permissions on the block device files determine whether a user can mount that device. Every file has three sets of permissions (read, write, execute) for three classes of users (owner, group, world), plus a handful of special bits discussed below.
In the 'everything is a file' unix tradition the raw devices and exported volumes appear as special files with file system permissions. Mounting remote volumes is a little more complex and is discussed below.
If the user is logged in as the same uid as the owner of the file, then owner permissions can be used. Each user has a default group, and can be added to group entries in the /etc/group file. When a user has access to a group the file permissions for the group are used. Otherwise the user has 'world' permissions. ACLs (Access Control Lists) can be used to grant permissions to specific users where they are available.
Programs can override user level security by having the setuid bit set on their inode entry. This runs the program with the privileges of the owner of the binary rather than the privileges of the logged in user. Examples of such programs are nfsd, mount and sudo. These programs have their own security mechanisms; for example sudo has /etc/sudoers that is used to govern permissions.
mount and nfsd work based on uid and gid, which must be in sync on both machines (often traditionally done via NIS). nfsd has a file called /etc/exports which has the exported file systems and some permissions data. mount and its nfs drivers present credentials which nfsd uses to authenticate the user's right to mount the volume. On a local volume mount uses the file permissions of the block device.