Hi, i have a doubt, and I hope you can help me with it. If i had to put a system on a machine that is running linux, and this machine is on a client, but the system is mine (i mean our develope and everything), can we set a special user that had access to the folders in wich this system is going to be?, and gave a diferent user to our client, so he will never had acces to that folder. Or crate a Special partitiono some thing like that?, the general idea es that our client will not be able to take our files ans steal our code.
no. if this is the clients server, they will have root access to it.. just as they would the Administrator user on a windows machine. with that account they would always be able to change file/folder permissions and ownership and gain access directly to the files. what language are the files using? are the files plain text or binary? if settings etc are in plain text files so they can be changed, but the actual software part of the system is binary files, then they won't be able to read the code anyway. if the software is in plain text and processed at runtime, eg java, php etc. you're options are to obfuscate and/or encode those files.
This should be possible, but if the client has root password, client can override all protections. Linux and Unix file permissions are given to owner, group and other. Check the files you want to protect have no permission to other, and that the client user id does not belong to the group. I'm sure wikipedia has article on unix file permissions, and plenty of articles in the Internet about same. Some Linux systems have ACL, which allows finer grained permissions.
If your client can only access the frontend, the backend will normally be safe. But as mentioned by our friend, if he has root access, he may access all, so the backend may not be safe and the best to protect your interest is not to give the client root access as well, while encrypting the files in it. This is not the best bu the least you can do if your client insist on using his own machine. Other alternative is to use your own machine or a vps elsewhere, so he cannot have direct access to the machine.
Thanks for all your replays, i might wasn't very clear about this but the idea es that the client doesn't have the root user, we keep that for ourself, and we give the cliente a different user. About the code, is PHP (laravel and react JS), that's is why we are worried to protect our code, because as far as i know all the obfuscator can´t protect the 100% of the code.
ok. so the client doesn't have root access. do they have any login to the machine itself? or just a login for the website? also, do they have physical access to the machine? if so, they could just remove the drive, clone it and remount the drive. once they have the original drive, or a clone of it, mounted in another machine they have root access on, they can see everything. obfuscation isn't complete protection, but it does make it bloody hard to work out what the code's doing. your best bet is probably something like ioncube... as someone on another forum states: IonCube optimizes, obfuscates, and compiles the source code into bytecode. Any attempts to decode it won’t end up being all that useful since you won’t end up with the original source code.
@nhybgtvfr All the client need is a login to de website; But as the machine is not ours because we sell it and is placed on the clients location, so, they can do what you comment on your second paragraph. Our developer team is checking the possibility to use ElectronJS, or something similar, but i was checking is there another way to protect our code.
