As rightly suggested in the comments, there are no built-in tools for such behavior.
You need to use a workaround.
For example, you can use the inotify mechanism.
The inotify-tools package, which is probably included in all popular distributions, contains the inotifywait program, which you can use for this case.
Here is an example of a script that tracks the appearance of files / directories in an infinite loop and deletes them if they do not meet some criterion. In this example the "group ownership" attribute is used, but this is easy to change to match the behavior of the program that is allowed to create files / directories in the monitored directory.
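    #!/bin/bash
    d=/путь/к/отслеживаемому/каталогу  # path to the monitored directory
    g=имя_группы  # name of the group that is allowed to create entries
    while true; do
        # block until something is created under $d, then print its full path
        r=$(inotifywait -re create --format '%w%f' "$d" 2>/dev/null)
        #echo $r
        if [ -n "$r" ]; then
            # group owner of the new file / directory
            gr=$(stat --printf='%G' "$r")
            if [ "$gr" != "$g" ]; then
                rm -rf "$r"
            fi
        fi
    done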
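A variant of the script above, added here as an example and not the answer author's code: it keeps a single inotifywait running in monitor mode so that no event is lost between loop iterations, and it goes beyond the original by also reacting to files moved into the directory. The function names and the WATCH_DIR / ALLOWED_GROUP variables are assumptions; GNU stat and inotify-tools are required.

```shell
#!/bin/bash
# Added example: function and variable names are hypothetical.

# Remove "$1" unless its group owner is "$2".
# Returns 0 if kept, 1 if removed, 2 if it vanished before it could be checked.
enforce_group() {
    local path=$1 allowed=$2 owner
    # No -L: a symlink is judged by its own group, not by its target's,
    # and rm below removes the link itself, never the target.
    owner=$(stat -c '%G' -- "$path" 2>/dev/null) || return 2
    if [ "$owner" = "$allowed" ]; then
        return 0
    fi
    rm -rf -- "$path"
    return 1
}

# Watch "$1" recursively and apply enforce_group to every new entry.
watch_dir() {
    local dir=$1 allowed=$2 path
    # -m (monitor) keeps one inotifywait process alive; restarting it for each
    # event leaves a window in which a newly created file goes unnoticed.
    # moved_to catches files renamed into the tree, which raise no create event.
    # Paths that contain a newline are split by read and are not handled here.
    inotifywait -m -r -q -e create -e moved_to --format '%w%f' "$dir" |
    while IFS= read -r path; do
        enforce_group "$path" "$allowed" || echo "removed or gone: $path" >&2
    done
}

# Start watching only when asked to, for example:
#   WATCH_DIR=/srv/drop ALLOWED_GROUP=uploaders ./watch.sh   (constructed values)
if [ -n "${WATCH_DIR:-}" ]; then
    watch_dir "$WATCH_DIR" "${ALLOWED_GROUP:?set ALLOWED_GROUP}"
fi
```

The check stays reactive: an unwanted file exists for a short time before it is removed. If the monitored directory has the setgid bit set, new files inherit the directory's group, so a group-based criterion would accept files from any creator.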