After doing some reading, I see your point with SELinux.

As far as your application/OS comment, it is my understanding that KDE/Gnome is more of an application to Linux but the Windows GUI is more a part of the OS so to speak. I know X is a part of Linux, so don't get me wrong, but many vendors have programs which tie into the Windows API to "magically" implement restriction settings and change the behavior to cater to every businesses' crazy needs when rolling out the desktop across the enterprise. Whereas in Linux, it up to the makers of the desktop to provide features, or of course, since you have access to the code and underlying structure, you can just manually configure it. Luckily, another poster in this thread talked about a configuration tool for Gnome which should do many of the lock-down settings.

Thank for you the help. I will definitely look into this tool.

Yes, they do, I know all about this and do this on a daily basis. But you can't always lock down a particular executable file. First, this may not be practical in the long run because its so low level, but I could be wrong. Second, one executable could have multiple dialogs and functionality inside it. You may want to block particular functions and dialogs/windows in the executable from certain users, but still have them be able to access the other ones in that executable.

Command line permissions give an all or nothing approach, which will not work here.

Yes, I know all about chmod. But should I have to chmod the binaries of the Desktop Environment at such a low level? Is this really the right approach? This seems too low level to administer a desktop environment. Imagine the upkeep on this. Plus, this will not work in all situations. One executable could have multiple modules that you want to restrict certain people from accessing, but still let them access others in that same executable. chmod or SELinux is useless here.

I am already a seasoned veteran on the Unix command line and securing that environment. It's a steep learning curve but I am glad that I learned it many years ago. That doesn't necessarily translate into having a Desktop System, that is not innately part of Linux, being able to be secured in the same way. Hence, the point of this conversation.

Huh wah?? Obviously you must be from a parallel universe, rather uninformed or a clever troll.

I agree with everything you say, but instead I get modded down into the dirt as your obvious statements falsely manifest as being so informative as to incite a Linux/Window war, which wasn't even the intention of my initial statement. You even incited the mods, good job.

Honestly the amount of fine grained control mixed with sudo (neither run-as or UAC are sudo, they impersonate another user rather then privilege escalation) you get with *nix environment is leaps and bounds ahead of Windows.

The fact is, I only use Linux for servers and have been developing, administering, and project managing them for years. I know locking down a Linux server is easier and better than Window box -- in command line mode. However, I was merely trying to get a meaningful conversion started on locking down machines in a GUI environment, which I imagine is a different beast than GUI, which I am less knowlegable about.

Nice try, but I suggest you undertake a bit of a learning curve and you will be enlightened.

I don't know how you even get good karma or not modded as troll for that comment. I am already a knowledgeable system administrator in Linux as well as a seasoned software developer. However, the Linux Desktop has always been having issues over the years to gain any serious ground through a myriad of development problems. Over the past 2 years, it has improved a lot. However, everyone learns how to lock down Linux using the command line. The GUI environments could be a different beast. Sure, you could create groups and modify the actual binaries for Gnome, or KDE. That is obvious to such "enlightened" people such as us. But there needs to be better ways in order for businesses to jump on board. I know, because I deal with the business types all day, and am partly one myself. Hence my comment for a dialog on this situation. It does seem there is hope, as some people have talked about xguest or gconfig. Other people state that it is easy to control using SELinux -- something I always turn off and avoid like the devil. From what I gather, SELinx may be the solution to securing a Linux Desktop, so I will investigate this avenue. Thanks to everyone that left informative and not trollish comments.
So I guess the conversation was a success, as it spread great information about this topic, even though trolls like you somehow are able to get modded so high while my initial posts get buried.

Wow, I am getting flamed here... I am not being trolly at all, just wanted to gain some more knowledge.

I know you can lock down Linux, I use Linux on a daily basis, but I am not that familiar with the desktop part of it, since technically, the desktop is not Linux, but rather part of another package used with the X framework -- that is a part of Linux. I know how to create user accounts and lock-down users completely in CLI mode.

My other point was that its a hindrance, and it will be IMHO, because most companies do not have the expertise to lock down Linux Desktops.. its not as easy. I am checking out the xguest now. It's good to know programs like this exist out there for securing the desktop. There needs to be more. I often wear many hats and learning and configuring SELinux is complicated. I always turn of SELinux myself and secure the machine using standard Linux permissions and IPTables.

I used to work for a company that locked things down so much, that if you wanted to increase the speed of your mouse, you had to call the IT department, LOL.

This is a bit obsessive, but it's their prerogative. Either its not that easy to prevent a user from accessing the mouse control screen in Gnome or KDE, or most administrators are "Windows Trained" and wouldn't know the steps to lock it down (most just run a 3rd party app that does it for them anyway).

I think one of the hindrances for businesses to move to Linux on the desktop is the lack of programs for Linux that allow the complete lock-down of the desktop. In Windows, there are many applications that let you control which users can access different areas in the GUI, well beyond Windows Access Control.
.
I don't know of anything similar in the Linux Desktop Environment to Windows Access Control or the other programs that are out there. Does anyone else?

Yeah, but the problem is literally, when the specialist says "Honestly, after examining you I have no idea what could be causing these symptoms, but let's see what the tests say".

Then later when the tests come in "The tests came back negative, so everything seems OK".

However, you still have the issue. So now the doctors just go with the most probable explanation which is a total educated guess. This is a problem that I imagine we can only solve with sophisticated (futuristic) diagnostic equipment.

I don't see the problem really. All you need to do is collide some anti-matter with normal matter, use the energy to warp space time, and use the curvature to bend light particles to the specific areas of the brain.

You such a pessimist :P

Seriously, we always read on Slashdot the great experimental breakthroughs, but we never really see the applications and doctors don't even know what is wrong with you half the time. Most of the problems I have had and saw a doctor for, they had no real clue what he problem was. Only later did I realize myself what caused the issue, like a certain food or allergic reaction. Medical practioners can't even tell if you have a virus or a bacterial infection, and instead just prescribe antibiotics because the patient demands it (blood tests for this are only semi-accurate, and can give false positives and negatives).

When are we going to see some real "in office" diagnostic technology, or is this just not going to happen in our lifetime?

I just got done watching Mars mission documentary on discovery. It's pretty great. All countries around the globe are spending money to develop different areas (although NASA is really paying the most). I think the current plan is to send Astronauts for an extended stay, more than a year, because they have to wait for Earth to orbit the Sun an come back in alignment again. Building a ship in space needs to be done, and will be a great exercise. Not to mention it will have the first artificial gravity (by rotation). Why does the cost to build a ship have to be huge? I know if will be a lot, but the Russian's are doing it a lot cheaper. As for radiation protection, some ideas are using electromagnetic shields, similar to the Van Allan belts).
This ship can be used on future missions and the food, water, fuel, and buildings set ahead of the astronauts can be used again for future missions -- as we build permanent Mars base.

So that's the plan. Thousands of rovers.. yeah, that's cool, but they are still limited. They don't have the brains, dexterity, or power of a human being. And I am not one of those people that envision humans sitting in their arm chair while robots explore the universe. Sure you could send a robot to Antarctica, but we don't -- we send human's, because it's in our nature (not robots) to explore. It's dangerous, but we do it anyway. The fun is getting out there, into the stars, and we need to take the first steps. Money is nothing, it technically doesn't even exist (except to the tax payers, sigh), but a creature evolving on Earth and being smart enough to leave its mother planet and travel to another one, on a semi permanent fashion, it the next stage of human evolution.

While I agree that commercial space outfits need people, I disagree with your absolutely stated position that humans are not needed in scientific exploration of space. Let's take a look at the Mars Rovers for a great example:

In all their technical ecstasy, they are slow -- they take forever to do any task, whether its to drill an amazing "life finding" 2cm into a rock, or move across the landscape. A simple rock throws them off course and gets them stuck for days while people back on earth, through video cameras, spend weeks trying to get the wheel unstuck in a delayed communications nightmare. Dust storms can completely kill their ability to power themselves, and built up dust diminish the power they can draw from the sun. Advances in AI have been crap in comparison with the other developments in technology. Their "brains" are spread between Mars and Earth and a brain that can think at the speed of light is what we need here... First off, NASA's two Martian orbiters, through which information is relayed to Earth, can only transfer a single megabit of data per second. Worse still, these orbiters only work in 15 minute increments before they must be repositioned -- a process that takes hours. Furthermore, bandwidth is unsurprisingly limited on the Red Planet -- messages between Earth and Mars usually suffer 4 - 20 minutes of lag, depending on the positions of the conversing planets.

People, on the other hand can diagnose and repair computer and equipment problems themselves. They have use of their senses and high developed brains to identify and troubleshoot issues. They have the ability to do "boatloads" more science, like pick up a damned shovel and start digging a 6 foot hole to find fossils... Or simply the ability to pick up a rock with their fingers and look at, or smash it open with a hammer.
Additionally, humans can take samples on Mars back to labs on Mars (which is what the whole Mars/Ares mission will have, as labs and habitable quarters will arrive separately and will be awaiting the astronauts) and analyze things there, with educated humans, instead of using crude tools on robots to analyze some of the most important scientific data to mankind.

I know its more dangerous and sometimes robotic probes and rovers make more sense, but it is just the opposite sometimes... it makes more sense to send a human to do a human's job. On top of that, human's need a challenge to keep us focused and growing in a positive direction, and conquering space with manned ships is a great approach to what we need to do. Giant interplanetary (and eventually intersolor) starships with the ability to house groups of experts to study the science of our planets, the stars, and everything else will do more than any group of robots ever could!

Building Rockets is tricky business. Everyone magically wants results after only 3B? That's chump change... or is it? We have earlier designs that work well so what exactly are they trying to accomplish here that is costing them all this money? Are they trying to increase maintainability/reusablity and use less fuel? Or is this just another rocket? Maybe our space program needs to be more like the modern army... light (as in weight), fast, innovative, and cheap (cheap, lightweight, reusable and mass produced vehicles and launch methods).

Honestly, why don't we go with the Saturn V? Von Braun & NASA developed this great rocket that allowed us to get to the moon (and it's proven to work)... what's wrong with that one?