diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc
index a99439738..2e75aa031 100644
--- a/src/libstore/unix/build/local-derivation-goal.cc
+++ b/src/libstore/unix/build/local-derivation-goal.cc
@@ -503,8 +503,9 @@ void LocalDerivationGoal::startBuilder()
 
     /* Create a temporary directory where the build will take
        place. */
-    tmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
-
+    auto parentTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
+    tmpDir = parentTmpDir + "/build";
+    createDir(tmpDir, 0700);
     chownToBuilder(tmpDir);
 
     for (auto & [outputName, status] : initialOutputs) {
diff --git a/src/libutil/file-system.cc b/src/libutil/file-system.cc
index 9d6142556..cadcab96d 100644
--- a/src/libutil/file-system.cc
+++ b/src/libutil/file-system.cc
@@ -412,6 +412,11 @@ void deletePath(const fs::path & path)
     deletePath(path, dummy);
 }
 
+void createDir(const Path &path, mode_t mode)
+{
+    if (mkdir(path.c_str(), mode) == -1)
+        throw SysError("creating directory '%1%'", path);
+}
 
 Paths createDirs(const Path & path)
 {
diff --git a/src/libutil/file-system.hh b/src/libutil/file-system.hh
index c6b6ecedb..e7bf087eb 100644
--- a/src/libutil/file-system.hh
+++ b/src/libutil/file-system.hh
@@ -157,6 +157,11 @@ inline Paths createDirs(PathView path)
     return createDirs(Path(path));
 }
 
+/**
+ * Create a single directory.
+ */
+void createDir(const Path & path, mode_t mode = 0755);
+
 /**
  * Create a symlink.
  */
diff --git a/tests/functional/check.sh b/tests/functional/check.sh
index efb93eeb0..a5e61b035 100755
--- a/tests/functional/check.sh
+++ b/tests/functional/check.sh
@@ -46,7 +46,7 @@ test_custom_build_dir() {
       --no-out-link --keep-failed --option build-dir "$TEST_ROOT/custom-build-dir" 2> $TEST_ROOT/log || status=$?
   [ "$status" = "100" ]
   [[ 1 == "$(count "$customBuildDir/nix-build-"*)" ]]
-  local buildDir="$customBuildDir/nix-build-"*
+  local buildDir="$customBuildDir/nix-build-"*"/build"
   grep $checkBuildId $buildDir/checkBuildId
 }
 test_custom_build_dir
diff --git a/tests/nixos/user-sandboxing/default.nix b/tests/nixos/user-sandboxing/default.nix
index cdb0c7eb6..8a16f44e8 100644
--- a/tests/nixos/user-sandboxing/default.nix
+++ b/tests/nixos/user-sandboxing/default.nix
@@ -16,6 +16,8 @@ let
     set -x
 
     chmod 700 .
+    # Shouldn't be able to open the root build directory
+    (! chmod 700 ..)
 
     touch foo
 
@@ -85,15 +87,15 @@ in
 
         # Wait for the build to be ready
         # This is OK because it runs as root, so we can access everything
-        machine.wait_for_file("/tmp/nix-build-open-build-dir.drv-0/syncPoint")
+        machine.wait_for_file("/tmp/nix-build-open-build-dir.drv-0/build/syncPoint")
 
         # But Alice shouldn't be able to access the build directory
-        machine.fail("su alice -c 'ls /tmp/nix-build-open-build-dir.drv-0'")
-        machine.fail("su alice -c 'touch /tmp/nix-build-open-build-dir.drv-0/bar'")
-        machine.fail("su alice -c 'cat /tmp/nix-build-open-build-dir.drv-0/foo'")
+        machine.fail("su alice -c 'ls /tmp/nix-build-open-build-dir.drv-0/build'")
+        machine.fail("su alice -c 'touch /tmp/nix-build-open-build-dir.drv-0/build/bar'")
+        machine.fail("su alice -c 'cat /tmp/nix-build-open-build-dir.drv-0/build/foo'")
 
         # Tell the user to finish the build
-        machine.succeed("echo foo > /tmp/nix-build-open-build-dir.drv-0/syncPoint")
+        machine.succeed("echo foo > /tmp/nix-build-open-build-dir.drv-0/build/syncPoint")
 
     with subtest("Being able to execute stuff as the build user doesn't give access to the build dir"):
         machine.succeed(r"""
@@ -105,16 +107,16 @@ in
               args = [ (builtins.storePath "${create-hello-world}") ];
           }' >&2 &
         """.strip())
-        machine.wait_for_file("/tmp/nix-build-innocent.drv-0/syncPoint")
+        machine.wait_for_file("/tmp/nix-build-innocent.drv-0/build/syncPoint")
 
         # The build ran as `nixbld1` (which is the only build user on the
         # machine), but a process running as `nixbld1` outside the sandbox
         # shouldn't be able to touch the build directory regardless
-        machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'ls /tmp/nix-build-innocent.drv-0'")
-        machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'echo pwned > /tmp/nix-build-innocent.drv-0/result'")
+        machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'ls /tmp/nix-build-innocent.drv-0/build'")
+        machine.fail("su nixbld1 --shell ${pkgs.busybox-sandbox-shell}/bin/sh -c 'echo pwned > /tmp/nix-build-innocent.drv-0/build/result'")
 
         # Finish the build
-        machine.succeed("echo foo > /tmp/nix-build-innocent.drv-0/syncPoint")
+        machine.succeed("echo foo > /tmp/nix-build-innocent.drv-0/build/syncPoint")
 
         # Check that the build was not affected
         machine.succeed(r"""