Is it possible to remove access to the /tmp directory for a particular user, i.e. the user should not be able to even read the /tmp directory?
I know the tmp directory has 1777 permissions and lets every user create files, but restricts modification to the user's own files. I am unable to find any way to do so.
Use case:
One set of users should be able to do whatever they want, but the other set of users should not be able to check what the first set of users are creating.
One solution is to create a directory and set permissions to allow only one set of users, but then all users need to edit their scripts/programs to use this particular directory instead.
Is there any way like PrivateTmp via systemd, but for users instead of services? I mean set up a tmp directory for the user without the user knowing about it; is it possible?
/tmp for a user would potentially make the system unusable by that user (it would therefore be better to simply lock their account). Please describe the issue you are trying to solve and we may come up with a better solution. Do this by editing your question rather than adding clarifications in comments. – Kusalananda May 11 '20 at 06:19
pam-tmpdir would meet your requirements (I'm not suggesting a duplicate because I have a hammer here). – Stephen Kitt May 11 '20 at 07:11
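As an added illustration (not code from the question or the commenters), the script below sets up the kind of per-user private temp directory that pam-tmpdir provides at login: a traversable but non-listable base (mode 0711) holding one 0700 directory per uid, with TMPDIR pointed at it so programs that honour TMPDIR never write into the shared 1777 /tmp. The /tmp/user/<uid> layout is my assumption about what pam-tmpdir creates, and the base directory is a parameter so the example can run under a scratch directory rather than the real /tmp.

```shell
#!/bin/sh
# Added example: build a pam-tmpdir style private temp directory.
#   $BASE/user        mode 0711 (others may traverse, but not list it)
#   $BASE/user/$UID   mode 0700 (only the owner may enter or read it)
# BASE would be /tmp on a real system; it is a parameter here so the
# example can be exercised safely under a throwaway directory.

# Create the directories for the current user and print the private path.
setup_private_tmp() {
    base=$1
    uid=$(id -u)
    dir="$base/user/$uid"
    mkdir -p "$base/user" && chmod 0711 "$base/user" || return 1
    # umask 077 so the per-user directory is never briefly group/world readable
    (umask 077 && mkdir -p "$dir") || return 1
    chmod 0700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Report "<mode bits> <numeric owner uid>" for a directory, e.g.
# "drwx------ 1000", ignoring any ACL/SELinux suffix on the mode field.
describe_dir() {
    ls -ldn "$1" | awk '{print substr($1, 1, 10), $3}'
}

# Succeed only if the directory is owner-only (0700) and owned by us:
# that is the property that stops other users inspecting its contents.
private_tmp_is_private() {
    [ "$(describe_dir "$1")" = "drwx------ $(id -u)" ]
}

# Run a command with TMPDIR redirected into the private directory; this is
# what makes "users need not change their scripts" work for TMPDIR-aware tools.
with_private_tmp() {
    base=$1
    shift
    TMPDIR=$(setup_private_tmp "$base") || return 1
    export TMPDIR
    "$@"
}
```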