Edit namespace.conf(around 2006~2007)
The first file you'll edit is /etc/security/namespace.conf, which controls the pam_namespace module. In this file, list the directories that you want PAM to polyinstantiate on login. Some example directories are listed in the file included with PAM and are commented out. Typeman namespace.conf
to view a comprehensive manual page. The syntax for each line in this file ispolydir instance_prefix method list_of_uids
.Briefly, here is what these variables represent:
polydir
is the absolute pathname of the directory to polyinstantiate.instance_prefix
is the base directory of the new polyinstantiated user directory.method
can be user, level, or context.list_of_uids
is a list of user names for which PAM will NOT polyinstantiate their directories.
http://www.coker.com.au/selinux/talks/sage-2006/PolyInstantiatedDirectories.html
https://fedoraproject.org/wiki/Infrastructure/FedoraPeopleConfig#polyinstantiated_tempdirs
https://skvidal.wordpress.com/2007/07/13/poly-instantiated-tmpdirs/
http://kurt.seifried.org/2012/03/14/creating-temporary-files-securely/