Preventing users from creating any kind of folders on agents

Article ID:218233508

Issue

Anyone who can create a job on a controller can run a script that creates folders on the agents.

Environment

Solution

The solution here is to run the agents as a user that has no rights outside of the agent filesystem and is not a sudoer.

For example, the user running the agent should be created with:

sudo useradd -m --home /var/jenkins-agent jenkins

Then use /var/jenkins-agent as the base folder in the agent configuration. This way, if a user tries to run mkdir /app/test they won’t be allowed (assuming the Linux filesystem permissions are configured to prevent other users from writing to the /app/ directory).

However, they will still be able to run mkdir /var/jenkins-agent/test, for example. If this is a problem, then you should look at chroot for the user jenkins to make sure it can only call the tools you authorized and not all the tools in /usr/bin and so on.
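To check that the agent account really is confined this way, the following audit script can be run as that account. It is an added example, not part of the original article; the admin group names, the directory list and the script name audit-agent.sh are assumptions to adapt to your hosts.

```shell
#!/bin/sh
# Added example, not from the original article. Run as the agent account:
#   sudo -u jenkins sh audit-agent.sh --run
# BASE, the group names and the directory list are assumptions.
BASE="${BASE:-/var/jenkins-agent}"

# Succeeds if the space-separated group list $1 contains a group that
# grants sudo by distribution default (sudo, wheel, admin).
has_admin_group() {
    for g in $1; do
        case "$g" in
            sudo|wheel|admin) return 0 ;;
        esac
    done
    return 1
}

# Succeeds if path $2 is the base folder $1 (no trailing slash) or below it.
is_under_base() {
    case "$2/" in
        "$1"/*) return 0 ;;
    esac
    return 1
}

# Prints each existing directory among the arguments after $1 that the
# current user can write to and that is outside the base folder $1.
writable_outside_base() {
    base=$1; shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        is_under_base "$base" "$d" && continue
        [ -w "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

audit() {
    if has_admin_group "$(id -nG)"; then
        echo "FAIL: $(id -un) is in a sudo-granting group"
    fi
    # /tmp and /var/tmp are world-writable by design and are not listed.
    writable_outside_base "$BASE" / /app /opt /srv /usr/local /etc /home |
        sed 's/^/FAIL: writable outside base: /'
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

Group membership is only a heuristic: as root, sudo -l -U jenkins shows what sudoers actually grants the account.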

In any case, you should consider agents as disposable units that can be re-created using infrastructure-as-code tooling. This way, even if your users create folders and the agents are no longer the same, it is quite easy to erase the agent host and re-connect it to Jenkins. Using ephemeral agents, for example with the Kubernetes plugin, is a recommended long-term solution to ensure builds are repeatable and use a fresh environment for every run.