In /etc/passwd the home for user at is /var/spool/cron/atjobs, but I think it must be /var/spool/at/atjobs. Use pwck. Some other users do not have their correct homepaths set, too.
Please only restrict sensitive bugs, this does not sound like a security issue. Reassigning to bug wranglers
If in passwd a falsy homepath is set, i.e. to a dir a user can put files, it could be exploited to gain login access. See pwck, there are many falsy homedirs set. It is not related to at only. >> security@gentoo.org
Thank you for report, cilly. Although at works even with wrong home directory, this change does no harm thus I modified ebuild to set home directory to /var/spool/at/atjobs. But because of "at" user is already in your system thus you have to modify your passwd file by yourself, fex with vipw. And, please, explain how does wrong home directories affect security? I've never heard about anything similar, but I'm not a member of security team, thus I could miss something. :)
Well, it is a design bug and a result of being lazy. In this case, there wasn't a security hole opened, but such "desgin"-bugs could cause security holes. So see it as keeping it all clean.
Ok. Nothing to do then. Closing. If you have objections and you think that all other users should have right homedirs set reopen then, but, please, explain how this could compromise system or what is broken by such setting. Personally I do not understand why user need home directory set if user is a system user and should never login and programs which are run with this user id do not use home directory. Fex in this example at does not use home directory at all. At least at first glance I did not found any mention of home directory in sources.
