PHP /tmp folder location and security
I have faced a strange problem. One of my PHP websites (hosted on cPanel) started to complain about a non-writable `/tmp/bakXpay` folder location.
I have DEV and TEST sites on the same cPanel server but on different hosting accounts.
One of the PHP Composer packages is creating a "cache" using `sys_get_temp_dir()`, which returns `/tmp`, and creates a folder with the name `bakXpay` in it. So, I end up with the folder path `/tmp/bakXpay`. Permissions are set to the TEST site owner and everything looks fine. The problem is, when I test the same website on another hosting account (same server), this PHP Composer package uses the same folder name, a.k.a. `/tmp/bakXpay`, and gets an error, of course, that the folder is not writable.

The question:
- How come the `/tmp/` folder is by default shared between all/many accounts?
- If somebody "knows" folder names, they can at least "test" the existence of them (I tested with a PHP script: `file_exists()` really returns `true` for existing folder names even though they are from a completely different user account and are not readable).
- Is there a setting to set the `/tmp/` folder to be at the user home partition/folder location for all accounts? Or is this not safe, or not secure, or is there any other reason for that?

For me, either I can change the Composer package (which I can't, this is a vendor package), or ... ?
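
Added example, not part of the original post: a PHP diagnostic that reports why a fixed-name folder under the temp directory is visible to, but not writable by, a second account. `describeTempPath` is a hypothetical helper name, `bakXpay` is the folder name from the post, and the owner comparison assumes the `posix` extension is loaded.

```php
<?php
// Added diagnostic (not the vendor package's code).

function describeTempPath(string $path): array
{
    $tmp = dirname($path);
    clearstatcache();
    $tmpMode = fileperms($tmp) & 07777;

    $report = [
        'temp_dir'        => $tmp,
        'temp_mode'       => sprintf('%04o', $tmpMode),
        // World-writable (o+w) with the sticky bit (01000) is the usual
        // shared /tmp: every account may create and look up entries,
        // but only an entry's owner may rename or delete it.
        'temp_is_shared'  => ($tmpMode & 0002) !== 0,
        'temp_has_sticky' => ($tmpMode & 01000) !== 0,
        'exists'          => file_exists($path),
    ];

    if ($report['exists']) {
        // stat() on an entry needs only search (x) permission on the parent
        // directory, so existence, owner and mode are visible even when the
        // entry itself is neither readable nor writable for this account.
        $report['owner_uid'] = fileowner($path);
        $report['mode']      = sprintf('%04o', fileperms($path) & 07777);
        $report['writable']  = is_writable($path);

        if (function_exists('posix_geteuid')) {
            $report['my_uid'] = posix_geteuid();
            // True when another hosting account created the folder first.
            $report['owned_by_other_account'] =
                $report['owner_uid'] !== $report['my_uid'];
        }
    }

    return $report;
}

// Folder name from the post; the temp dir is whatever this PHP process resolves.
$path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bakXpay';
print_r(describeTempPath($path));
```

Run it under each hosting account: the account that did not create the folder should see `exists => 1`, `writable =>` empty, and `owned_by_other_account => 1`. PHP's `sys_temp_dir` ini directive changes what `sys_get_temp_dir()` returns; whether an individual account can set it depends on how the server's PHP handler is configured.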