How to stop users from accessing the backend source code running on server

root server permissions administration lubuntu

I wanted to distribute the server side code (Node.js) to some of my users for hosting purpose, but at the same time I don't want any type of manipulation inside the code. So I have decided to use linux (ubuntu) server and rollout a simple distro by limiting the users not to read or write on the code. but later I am came to know that anyone having physical access to system can reset the root account.


Solution 1:

By design, someone having physical access to the machine can do anything. Even if you use a full disk encryption program like VeraCrypt, this protects only from someone who steals the disk/computer or tries to access it without knowledge of legitimate user. But the legitimate user must have the decryption password to be able to boot the system, so he is still able to do anything.

The only possibility is to remove the source code from the machine at all by using it in compiled form, if such possibility exists for Node.js. There are compilers for example for PHP (Zend Guard) but I don't know something similar exists for Node.js. You have to check.

Related

Permission denied (publickey). while using SCP command
reinstall spamassassin (broken perl)
Backup stops because of claim 'Computer name changed', which is it not true
If $P$ is a regular transition probability matrix then $P^{n^2}$ has no zero element
What is meant by gluing two metric spaces together?
Finite Sets, Equal Cardinality, Injective $\iff$ Surjective.
Example of a non measurable function!
Divisor on curve of genus $2$
Differences between the complex derivative and the multivariable derivative.
recurrence relation with variable coefficients
Integral of an increasing function is convex?
Direct product of Sylow subgroups