fix: sanitize sudoers filename for usernames containing dots

[GarySkywalker-droid]

Type of Change

• [*] Bug fix
• New feature
• Breaking change
• Documentation update

Motivation and Context

When a macOS username contains a dot (e.g. user.name), sudo silently ignores /etc/sudoers.d/user.name because sudo skips any drop in file whose name contains a dot. Fix by sanitizing the filename only, keeping the real username intact inside the rule. Fixes #1713

Testing

• Tested locally
• [*] Added/updated tests
• Added/updated docs

[kasc0206]

审查意见 / Review

Clean and minimal fix for issue #1713.

优点

1. Correct root cause: sudoers(5) manpage confirms filenames with . are ignored
2. Minimal change: Shell parameter substitution ${CONTAINER_USER//./_} is elegant
3. Test updated: The test now expects the sanitized filename

注意

Line 46 (chmod 440 "/etc/sudoers.d/${CONTAINER_USER}") still uses the unsanitized filename — this should also use ${SUDOERS_FILE} for consistency, though chmod on a non-existent file would fail silently in the container. Consider fixing in a follow-up.

Reviewed-by: kasc0206

[kasc0206]

Code Review Summary

Strengths

1. Correct root cause: sudoers(5) confirms filenames with . are ignored. 正确的根因分析。
2. Elegant fix: ${CONTAINER_USER//./_} — one-line shell substitution replaces dots with underscores. 简洁的一行修复。
3. Test updated: Validates the sanitized filename. 测试同步更新。

Issue Found

Line 46 still uses $CONTAINER_USER instead of $SUDOERS_FILE in chmod:

-chmod 440 "/etc/sudoers.d/${CONTAINER_USER}"
+chmod 440 "/etc/sudoers.d/${SUDOERS_FILE}"

The chmod will silently fail on the old path. 建议同步修复 chmod 行的变量引用。

Verification

• Shell syntax: OK ✅
• Maps user.name → /etc/sudoers.d/user_name ✅

Nice work!

[GarySkywalker-droid]

Code Review Summary

Strengths

1. **Correct root cause**: sudoers(5) confirms filenames with `.` are ignored. 正确的根因分析。

2. **Elegant fix**: `${CONTAINER_USER//./_}` — one-line shell substitution replaces dots with underscores. 简洁的一行修复。

3. **Test updated**: Validates the sanitized filename. 测试同步更新。

Issue Found

Line 46 still uses $CONTAINER_USER instead of $SUDOERS_FILE in chmod:

-chmod 440 "/etc/sudoers.d/${CONTAINER_USER}"
+chmod 440 "/etc/sudoers.d/${SUDOERS_FILE}"

The chmod will silently fail on the old path. 建议同步修复 chmod 行的变量引用。

Verification

* Shell syntax: OK ✅

* Maps `user.name` → `/etc/sudoers.d/user_name` ✅

Nice work!

oops, good catch I fixed it !