This predicate does not really create a file, it just creates a unique name for a file in `/tmp`
For example:
?- tmp_file(mine, F). F = '/tmp/swipl_mine_10397_0'.
That file doesn't exist at the time the operating system was queried but may exist in a millisecond. Or may be a link, or a directory. If you regard the filesystem as a database (which it is), following this up with a file creation is a transaction-less hail-mary operation.
10397 is the process id of "swipl" btw.
On Unix/Linux, this is certainly performing a call to the mktemp(3)
function:
https://linux.die.net/man/3/mktemp
where we read:
Never use mktemp(). Some implementations follow 4.3BSD and replace XXXXXX (of the template name, which cannot be given in this predicate) by the current process ID and a single letter, so that at most 26 different names can be returned. Since on the one hand the names are easy to guess, and on the other hand there is a race between testing whether the name exists and opening the file, every use of mktemp() is a security risk. The race is avoided by mkstemp(3).
Or you have to tune the "tmp directory", which is `/tmp` here, to be a directory under your control. See tmp_file_stream/3 for that.