ACCT_USER_HOME_PERMS and ACCT_USER_HOME_OWNER should control the owner and the permission bits of the users homedir. But they only really work for the first time the package gets installed. Or for the first install of one of several packages, i.e. acct-user/mail and acct-user/postmaster share /var/spool/mail
If a directory already pre-existed before merge, neither perms nor owner will ever be updated.

I found this when debugging local mail delivery problems on two rather old gentoo installations, even predating acct-user. What acct-user/mail should have set was rather off.

Steps to repro (best do this in docker or remember to undo):

1. check your current perms/owner on /var/spool/mail (assuming acct-user/mail is installed already)
  ls /var/spool/mail/ -al
  > drwxrwsr-t 2 root mail 4096 Jun 22 17:29 .

if it differs you already reproduced and likely used an older system

2. mess it up a bit
  chmod o-rtx /var/spool/mail
  chown mail:mail /var/spool/mail/
  ls /var/spool/mail/ -al
  > drwxr-s--- 1 mail mail 4096 Jun 22 17:29 .

3. repair it
  emerge acct-user/mail
  ls /var/spool/mail/ -al
  drwxr-s--- 1 root mail 4096 Jun 22 17:29 .

4. finally really repair it in case you care about that system you used
  chmod 03755 /var/spool/mail
  chown root:mail /var/spool/mail

Expected result would be that "emerge acct-user/mail" would control via ACCT_USER_HOME_OWNER and ACCT_USER_HOME_PERMS and therefore repair the damage done in step 2.
The actual result is that nothing happens and ACCT_USER_HOME_OWNER/_PERMS have no effect on a reinstall or upgrade.

This is bad because permission bits can never be updated using these two variables, which smell like security for sure. And updates are necessary over time.