It's a good choice to have per-user /tmp directories, as this will prevent unprivileged users from seeing other users' files. IBM has a good guide on how to set up PAM for that (https://www.ibm.com/developerworks/library/l-polyinstantiation/)
The steps below are shamelessly copied from IBM:
nano /etc/security/namespace.conf
/tmp /tmp/tmp-inst/ user root,adm
/var/tmp /var/tmp/tmp-inst/ user root,adm
Next we need to create those directories:
mkdir /tmp/tmp-inst
mkdir /var/tmp/tmp-inst
chown root:root /tmp/tmp-inst /var/tmp/tmp-inst
chmod 000 /tmp/tmp-inst /var/tmp/tmp-inst
and enable the namespace module:
nano /etc/pam.d/login && nano /etc/pam.d/sshd
session required pam_namespace.so # to be added at the end of both files
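To confirm the setup above actually took effect, the following check can be run as root. It is an added example, not part of the IBM guide: the function name `check_polyinst` and its two optional arguments are made up for illustration, and it assumes GNU `stat`.

```shell
#!/bin/sh
# check_polyinst [ROOT] [UID]: audit the per-user /tmp setup described above.
#   ROOT  prefix of the tree to inspect (default: empty = the live system)
#   UID   expected owner of the tmp-inst directories (default: 0 = root);
#         override only when auditing a constructed test tree as non-root
# Prints one line per check and returns the number of failed checks.
check_polyinst() {
    root="${1:-}"; want_uid="${2:-0}"; fails=0
    conf="$root/etc/security/namespace.conf"

    for dir in /tmp /var/tmp; do
        inst="$dir/tmp-inst"
        # An active entry has the form: <polydir> <instance_prefix> user ...
        # Commented-out lines never match because $1 would start with '#'.
        if awk -v d="$dir" -v p="$inst/" \
               '$1 == d && $2 == p && $3 == "user" { ok = 1 } END { exit !ok }' \
               "$conf" 2>/dev/null; then
            echo "ok:   $conf polyinstantiates $dir"
        else
            echo "FAIL: no active 'user' entry for $dir in $conf"
            fails=$((fails + 1))
        fi

        # The instance parent must be owned by root with mode 000, so users
        # cannot list or enter each other's instance directories.
        meta=$(stat -c '%u %a' "$root$inst" 2>/dev/null)
        if [ "$meta" = "$want_uid 0" ]; then
            echo "ok:   $inst is owner=$want_uid mode=000"
        else
            echo "FAIL: $inst is '${meta:-missing}', expected '$want_uid 0'"
            fails=$((fails + 1))
        fi
    done

    # pam_namespace must be an active session module for both entry points.
    for svc in login sshd; do
        if grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_namespace\.so' \
                "$root/etc/pam.d/$svc" 2>/dev/null; then
            echo "ok:   /etc/pam.d/$svc loads pam_namespace.so"
        else
            echo "FAIL: /etc/pam.d/$svc does not load pam_namespace.so"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}
```

Calling `check_polyinst` with no arguments audits the live system; a non-zero return value is the number of checks that failed.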
If your system is going to be used by multiple users, keep in mind that you cannot trust them. Your users do not even have to want to harm you: one of them might get social-engineered, allowing a hacker to enter your system.
If you are really into securing your box from unprivileged users, you can check out the following projects: