2

I have finished building a web app which uses the combination of PHP, MySQL, HTML and CSS. I am hosting this on Apache installed on Ubuntu 12.0 (in the var/www/ as root folder). This means the web app will be hosted locally on the client's computer.

This also means the client has access to the PHP files, which are located in the var/www/ folder. The problem here is that he can directly copy, delete or edit the PHP files as and when he wants, which is not supposed to be so.

I do not want the client to be able to access the files directly from the folder although he should be able to access the files locally using a browser.

I was wondering if there is a way to hide files from everybody, or better still a folder lock which can only be accessed using a password, with no password needed when accessed through the browser.

I can't seem to figure out a better solution after a lot of research. I would be grateful if somebody with an idea on this could help. Thanks so much for helping.

George
  • 5
    There is **NOTHING** you can do. It's the client's computer. They own it. They have FULL control over it, and any fiddling you do with permissions or hiding can be TRIVIALLY undone by them. – Marc B Oct 12 '16 at 21:24
  • Building on what Marc B explained, if you need to keep files private your only option is to put them on a machine your client does not own. There are some extremely cheap VPS options out there which you can use as a standalone web server. Then you can allow your client restricted access to only the parts you want him/her to see – Darren H Oct 12 '16 at 21:29
  • 1
    You can try encrypting your PHP scripts, e.g. [ioncube](https://www.ioncube.com) – Bart Oct 12 '16 at 21:31
  • Answers below suggest permissions, however these are unlikely to help because the user could run a PHP shell to explore the file system and read the files. In essence, if PHP can read a file to process it, a PHP script could get the contents too. Encoding is the usual practice coupled with licensing to restrict the files to a specific machine if desired. You should also invest in a signed legally binding agreement that sets out what the client is permitted to do. Disclosure: I am associated with ionCube. – Nick Oct 20 '16 at 07:48

3 Answers

0

The answer to this has multiple facets:

  1. To protect the files from being modified / moved, you should probably manage the file permissions (and avoid giving your client the root password).
  2. If it's the code you're worried about (i.e. you don't want the client to see / modify the code), you should look for code obfuscation tools (look here: Is there a code obfuscator for PHP?).
  3. You'll have to trust your client at some stage ... and if this cannot be achieved then you will have to get a new client at some stage :)
Nir
  • 2
    There are four ultimate truths in life. Death. Taxes. Clients are always wrong. You can't tell your clients they are wrong. – Darren H Oct 12 '16 at 21:30
0

There are a few options:

  1. Use standard permissions (use `chmod`). Set www-data as owner of the directory. Do not allow anyone else access to the directory.
  2. Use standard permissions (use `chmod`). Set yourself as owner of the directory. Set the group to www-data. Do not allow anyone else access to the directory.
  3. Install the acl package to get more fine-tuned permissions, allowing you to specify permission levels for various users and groups (use `setfacl`). I tend to prefer this option if I have multiple groups needing various permissions to a directory.
kojow7
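
Option 2 above, as an added example that is not part of the original answer: `harden_webroot` applies owner read/write and group read-only modes, and `audit_webroot` lists anything still looser than that. The function names and the sample tree are constructed for illustration, `www-data` is assumed to be Apache's group, and the scheme only constrains accounts that have no sudo or root access.

```shell
#!/bin/sh
# Added example: developer owns the web root, the web server's group may only read.

# make_sample_tree: constructed demo tree with deliberately loose modes.
make_sample_tree() {
    local root
    root="$(mktemp -d)" || return 1
    mkdir -p "$root/app/inc"
    echo '<?php // constructed sample' > "$root/app/index.php"
    echo '<?php // constructed sample' > "$root/app/inc/db.php"
    chmod 755 "$root/app" "$root/app/inc"
    chmod 644 "$root/app/index.php"
    chmod 666 "$root/app/inc/db.php"
    echo "$root/app"
}

# harden_webroot DIR [OWNER GROUP]
# Directories become 750 and files 640: owner rw, group read-only, others nothing.
harden_webroot() {
    local dir="$1" owner="${2:-}" group="${3:-}"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Changing ownership needs root; skipped unless both names are given,
    # e.g. harden_webroot /var/www/website george www-data
    if [ -n "$owner" ] && [ -n "$group" ]; then
        chown -R "$owner:$group" "$dir" || return 1
    fi
    find "$dir" -type d -exec chmod 750 {} + &&
    find "$dir" -type f -exec chmod 640 {} +
}

# audit_webroot DIR
# Prints every path that "others" can read, write or execute,
# or that the group can write.
audit_webroot() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \) -print
}

# count_findings DIR: number of paths audit_webroot reports.
count_findings() {
    audit_webroot "$1" | wc -l | tr -d ' '
}
```

Running `audit_webroot` again after any deployment shows whether an upload or unpack step reintroduced world-readable or group-writable files.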
0

It would be really strange if the client did not have at least sudo rights to his own local environment.

If the client has root access or is in the sudoers file, changing ownership or file permissions for the files will not be a solution.

If the client is in the sudoers file he can simply do a `sudo passwd root` to change the root password, or he can do a `sudo chown -R client:www-data /var/www/website` to gain access to the files regardless of the permissions (which he of course could also easily change anyway).

As Bart suggests, ionCube could be a possible solution if you want to encrypt your files.

L.H