Wikipedia is your friend here. Read about SELinux, MACs (mandatory access
controls), DACs (discretionary access controls), Apparmor and other
implementations.
Basically it's a system to try and limit the capabilities of users and
programs to the smallest subset they need.
These things get very complex very fast. However that's not to say
impossible, if you don't mind doing a lot of reading you can do it.
And whether it is worth it is another thing. :) Of course in the industry and
other places where highest security is required these systems are
(supposedly) used.