How to stop users from accessing the backend source code running on server

I wanted to distribute the server side code (Node.js) to some of my users for hosting purpose, but at the same time I don't want any type of manipulation inside the code. So I have decided to use linux (ubuntu) server and rollout a simple distro by limiting the users not to read or write on the code. but later I am came to know that anyone having physical access to system can reset the root account.


Solution 1:

By design, someone having physical access to the machine can do anything. Even if you use a full disk encryption program like VeraCrypt, this protects only from someone who steals the disk/computer or tries to access it without knowledge of legitimate user. But the legitimate user must have the decryption password to be able to boot the system, so he is still able to do anything.

The only possibility is to remove the source code from the machine at all by using it in compiled form, if such possibility exists for Node.js. There are compilers for example for PHP (Zend Guard) but I don't know something similar exists for Node.js. You have to check.