Write, wall, who and mesg

The write command essentially writes to a device file such as /dev/pts/1. It seems to consult utmp in order to figure out the correspondence between users and ttys. One can work around this by simply listing the contents of /dev/pts with ls -lh /dev/pts (although it's most probably not needed - see below).

mesg doesn't seem to do anything other than setting or removing the group write permission from the tty device file:

anthony@laura:~$ who am i
anthony  pts/6        Jun 11 17:06 (:0:S.5)
anthony@laura:~$ mesg
is n
anthony@laura:~$ chmod g+w /dev/pts/6
anthony@laura:~$ mesg
is y

The files in /dev/pts belong to group tty. The write command setgids to this group in order to write to them. Therefore, in order to get point (2) working, it should be possible to use ACLs to make utmp readable by group tty:

setfacl -m g:tty:r /var/run/utmp

(Changing utmp so that its group is tty might also work, but who knows what side effects this might have.)

In order to get point (3) working (given that the /dev/pts file system does not support ACLs), I believe you would need to modify write and implement the functionality in it (for example, read a file "allow_mesg" in the target user's home directory and see if the messaging user is listed in there).
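
The allow_mesg check proposed above, combined with the group-write test that mesg reports, as an added example that is not part of the original answer and is not code from write itself. The function names, the one-username-per-line file format with # comments, and the ownership and permission checks on the list are assumptions made for this example.

```python
import os
import stat
import tempfile

ALLOW_FILE = "allow_mesg"  # name from the answer; the file format is assumed


def tty_accepts_messages(tty_path):
    """The bit mesg toggles: group write permission on the tty device."""
    return bool(os.stat(tty_path).st_mode & stat.S_IWGRP)


def sender_listed(sender, target_home, target_uid):
    """True if sender is named in <target_home>/allow_mesg and the file is trustworthy."""
    path = os.path.join(target_home, ALLOW_FILE)
    try:
        # O_NOFOLLOW rejects a symlink; O_NONBLOCK avoids hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return False  # missing or unreadable list: nobody is allowed
    st = os.fstat(fd)
    # Honour only a regular file owned by the target that no one else can modify.
    trusted = (stat.S_ISREG(st.st_mode) and st.st_uid == target_uid
               and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
    if not trusted:
        os.close(fd)
        return False
    with os.fdopen(fd, errors="replace") as fh:
        names = {line.split("#", 1)[0].strip() for line in fh}
    names.discard("")  # blank and comment-only lines match nobody
    return sender in names


def may_write(sender, target_home, target_uid, tty_path):
    """Both conditions: target has mesg y, and sender is on the target's list."""
    return tty_accepts_messages(tty_path) and sender_listed(sender, target_home, target_uid)


if __name__ == "__main__":
    # Constructed sample: a temp dir stands in for the home, a plain file for the tty.
    home = tempfile.mkdtemp()
    tty = os.path.join(home, "fake_tty")
    open(tty, "w").close()
    os.chmod(tty, 0o620)  # equivalent of "mesg y"
    with open(os.path.join(home, ALLOW_FILE), "w") as f:
        f.write("alice\nbob  # coworker\n")
    os.chmod(os.path.join(home, ALLOW_FILE), 0o600)
    for user in ("alice", "mallory"):
        print(user, may_write(user, home, os.getuid(), tty))
```

The decision fails closed: a missing list, a symlink, a list owned by someone else, or one writable by group or others all result in the sender being refused.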


You could use chroot and lock the users into a custom root directory. By doing this, you could point them to whatever versions of mesg, wall, who, etc.

You could also force them into a shell wrapper, and set your controls there.