I wouldn't use /tmp, but that's about it. You don't need the sticky or execute bit, just make it 0666 or 1666 if you prefer to keep the sticky bit.
In my case I'm using /dev/shm/... and I'm creating the directory structure on boot. This gives faster performance since it's running from memory.
My script is:
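#!/bin/bash
# bash is required: the {a,b}.{c,d} brace expansion below is not POSIX sh.
mkdir -p /dev/shm/<REPLACEME>
# Create the empty .dir/.pag pairs for the default_SESSION, global and ip collections.
touch /dev/shm/<REPLACEME>/{default_SESSION,global,ip}.{dir,pag}
# "nobody:" gives the files to user nobody and its login group (replaces the deprecated "nobody." form).
chown nobody: /dev/shm/<REPLACEME>/*
chmod a+w /dev/shm/<REPLACEME>/*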
You just need to change <REPLACEME>, and add a crontab entry to run it @reboot. You also need to add/change SecDataDir in /etc/httpd/conf/modsec2.user.conf.
It's been running OK for months. Don't get scared by the sizes of the files, because they are sparse and don't really use that much. For instance, checking on one machine, ip.pag gives 64M on ls -l but really uses 840K as shown on ls -s.
From time to time, depending on rules and especially on busy hosts, this ip.pag can cause issues (either on memory or disk) and grows to huge sizes (Gb). When that happens, apache status starts having processes "hanging" on Logging for some time (seconds). In reality it's reading lots of 0s from the sparse file.
That's the size reported and not the real size; in the above example, 64M.
Whenever the size is over 150-200Mb I use: "> ip.dir > ip.pag" on the directory to reset the files without needing to remake them. This loses the information that's stored but keeps things running smoothly.
Feel free to use/adjust this. As I said, it's been working for me for months now, and the only issue was when I started having the processes on logging and an EC2 machine ran out of IOPS (was using disk at the time).
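
The size check and reset described in the post, as an added example that is not part of the original post: it compares the reported (ls -l) size of ip.pag against a limit and truncates ip.dir and ip.pag in place when it is exceeded. The function names, the 150 MB default and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes GNU stat (Linux).
# Usage: script <SecDataDir> [limit_mb]

# Reported size, as in `ls -l` (counts the holes of a sparse file).
apparent_bytes() {
    stat -c %s "$1"
}

# Space really allocated, as in `ls -s` (allocated blocks * block size).
allocated_bytes() {
    blocks=$(stat -c %b "$1")
    bsize=$(stat -c %B "$1")
    echo $(( blocks * bsize ))
}

# Reset ip.dir and ip.pag when the reported size of ip.pag exceeds the limit.
# Prints "reset", "ok" or "missing" on stdout; sizes go to stderr.
reset_if_large() {
    dir=$1
    limit_mb=${2:-150}          # hypothetical default, taken from the 150-200Mb range
    pag="$dir/ip.pag"
    if [ ! -f "$pag" ]; then
        echo "missing"
        return 1
    fi
    size=$(apparent_bytes "$pag")
    echo "ip.pag reported=$size allocated=$(allocated_bytes "$pag")" >&2
    if [ "$size" -gt $(( limit_mb * 1024 * 1024 )) ]; then
        # Truncate in place: the files keep their inode, owner and mode,
        # so they do not need to be recreated. Stored data is lost.
        : > "$dir/ip.dir"
        : > "$pag"
        echo "reset"
    else
        echo "ok"
    fi
}

# Run only when a directory is given on the command line.
if [ $# -ge 1 ]; then
    reset_if_large "$@"
fi
```

Run it from cron against the directory set in SecDataDir, as the same user that owns the files or as root.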