Using the shared /tmp directory is known to have lead to many security vulnerabilities when predictable filenames have been used. And randomly generated names aren't really nice looking.
I am thinking that maybe it would be better to use a per user temporary directory instead. Many applications will use the TMPDIR environment variable in order to decide where temporary files goes.
On login I could simply set TMPDIR=/temp/$USER where /temp would then have to contain a directory for each user with that directory being writable to that user and nobody else.
But in that case I would still like /temp to be a tmpfs mountpoint, which means that the subdirectories would not exist after a reboot and need to be recreated somehow.
Is there any (de-facto) standard for how to create a tmpfs with per user subdirectories? Or would I have to come up with my own non-standard tools to dynamically generate such directories?
Best Answer
You can use pam-tmpdir for this. It creates a directory for each user that logs in, at the start of their PAM session.
See How to remount filesystem at logout? for a little more context...
In Debian, Ubuntu and derivatives it's available in
libpam-tmpdir.