First of all, I do not know how Windows Access Control translates into desktop management noticeable by end users in Windows, to draw the analogy you made to the Linux desktop. I had to look it up just to make sure what you meant here.
http://msdn.microsoft.com/en-us/library/aa374860(VS.85).aspx
This explains ACL's and low-level permissions. I will not go into details (because I am not an expert, and plenty on Slashdot can fill in for me here), but I think it is safe to say Ubuntu Linux, Linux, GNU/Linux (hello, flamewar), and most Unix variants have a pretty expressive permissions system. As an advancing n00b, it is enough to keep me locked out of my systems when running in a user account that is not in wheel. If you meant something like Local Group Policy and GPO's in an Active Directory environment (where I have to make my bread and butter), Linux has been making strides in this department. You just need to Google like everyone else.
If you are looking for tools to lock down the Linux desktop(s), particularly GNOME in this example, there is already an active project using tools like gconf (mentioned in a post below), SELinux, and other security utilities to make a locked down kiosk account pretty easy. It is called xguest.
http://docs.fedoraproject.org/selinux-user-guide/f11/en-US/sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html
I would love to hear what people have to say about it if they deploy it in the field. It is serious enough for a Red Hat sales engineer to bring it up as a cheap alternative to Windows kiosks I must laboriously lock down with aforementioned local GP and GPO's. SELinux is no joke either, since its development is derived from DoD/NSA research.
http://en.wikipedia.org/wiki/Selinux
That being said, the current Linux solutions, if you figure in NSA/DoD cooperation, are at least as bad as Microsoft products. Only difference is that they are free.
Slashdot Mirror
First of all, I do not know how Windows Access Control translates into desktop management noticeable by end users in Windows, to draw the analogy you made to the Linux desktop. I had to look it up just to make sure what you meant here. http://msdn.microsoft.com/en-us/library/aa374860(VS.85).aspx This explains ACL's and low-level permissions. I will not go into details (because I am not an expert, and plenty on Slashdot can fill in for me here), but I think it is safe to say Ubuntu Linux, Linux, GNU/Linux (hello, flamewar), and most Unix variants have a pretty expressive permissions system. As an advancing n00b, it is enough to keep me locked out of my systems when running in a user account that is not in wheel. If you meant something like Local Group Policy and GPO's in an Active Directory environment (where I have to make my bread and butter), Linux has been making strides in this department. You just need to Google like everyone else. If you are looking for tools to lock down the Linux desktop(s), particularly GNOME in this example, there is already an active project using tools like gconf (mentioned in a post below), SELinux, and other security utilities to make a locked down kiosk account pretty easy. It is called xguest. http://docs.fedoraproject.org/selinux-user-guide/f11/en-US/sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html I would love to hear what people have to say about it if they deploy it in the field. It is serious enough for a Red Hat sales engineer to bring it up as a cheap alternative to Windows kiosks I must laboriously lock down with aforementioned local GP and GPO's. SELinux is no joke either, since its development is derived from DoD/NSA research. http://en.wikipedia.org/wiki/Selinux That being said, the current Linux solutions, if you figure in NSA/DoD cooperation, are at least as bad as Microsoft products. Only difference is that they are free.