This is pam_tmpdir, a module for (if needed) creating a secure
directory for users' temporary files and setting TMP and TMPDIR.

It is written by Tollef Fog Heen <tfheen@err.no>, and you may use this
under the conditions of the GPL version 2, as noted in
<http://www.gnu.org/copyleft/gpl.html>. I'd appreciate any bug
reports, patches, suggestions etc.

It is based on pam_env, which in turn is based on pam_mail.

To use this module, be sure to add a line like

    session optional pam_tmpdir.so

to the services where you want to set $TMPDIR and $TMP.

Note that using "optional" instead of "required" will allow users to
log in even if pam_tmpdir fails to create the safe tmpdir ($TMP and
$TMPDIR will remain unset in this case). Using "required" will deny
login if an error occurs while setting up the safe tmpdir; this could
allow for a DoS attack if a malicious user gets the chance to create
/tmp/user before pam_tmpdir does.

The directory in which the users' temporary directories are created
can be set using an entry in /etc/security/tmpdir.conf:

    tmpdir=/path/to/tmpdir

pam_tmpdir will fail to create a safe tmpdir if this directory or any
of its parents is group or world writable.
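
The following script is an added example, not part of pam_tmpdir. It
audits a tmpdir= setting against the rule above before the module is
switched to "required". The function names, the file name audit.sh and
the last-entry-wins handling of duplicate keys are assumptions; the
module's own check may differ in detail.

```shell
#!/bin/sh
# Added example, not pam_tmpdir code. It applies the README's rule as stated:
# the configured directory and every parent must not be group or world writable.

# Print the tmpdir= value from a tmpdir.conf-style file.
# Assumption: if the key appears more than once, the last entry is used.
conf_tmpdir() {
    sed -n 's/^tmpdir=//p' "$1" | tail -n 1
}

# Print "MODE PATH" for each component of absolute path $1 (the directory,
# then each parent up to /) that fails the rule. No output means it passes.
unsafe_components() {
    case $1 in /*) dir=$1 ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        # ls -ld mode string: character 6 is group write, 9 is other write.
        mode=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
        case $mode in
            d????w????|d???????w?) printf '%s %s\n' "$mode" "$dir" ;;
            d*) ;;  # directory without group/other write
            *) printf 'not-a-directory %s\n' "$dir" ;;  # missing, symlink, file
        esac
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
}

# Audit the tmpdir configured in file $1: 0 = passes, 1 = findings, 2 = usage.
audit_conf() {
    target=$(conf_tmpdir "$1")
    [ -n "$target" ] || { echo "no tmpdir= entry in $1" >&2; return 2; }
    findings=$(unsafe_components "$target") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh audit.sh /etc/security/tmpdir.conf   (audit.sh is a made-up name)
if [ "$#" -gt 0 ]; then audit_conf "$1"; fi
```

Each line of output names one directory to fix with chmod g-w,o-w, or
a reason to pick a different tmpdir.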