From 921d5d3018fd7100889d8a7ce5047915b8d0cf42 Mon Sep 17 00:00:00 2001
From: GarySkywalker-droid <194703971+GarySkywalker-droid@users.noreply.github.com>
Date: Sat, 13 Jun 2026 19:59:53 -0400
Subject: [PATCH 1/2] fix: sanitize sudoers filename for usernames containing dots

---
 Sources/Plugins/MachineAPIServer/Resources/create-user.sh | 3 ++-
 Tests/CLITests/Subcommands/Machine/TestCLIMachine.swift | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Sources/Plugins/MachineAPIServer/Resources/create-user.sh b/Sources/Plugins/MachineAPIServer/Resources/create-user.sh
index 0a4a4bcae..31d279ec9 100755
--- a/Sources/Plugins/MachineAPIServer/Resources/create-user.sh
+++ b/Sources/Plugins/MachineAPIServer/Resources/create-user.sh
@@ -42,5 +42,6 @@ fi
 chown -R "${CONTAINER_UID}:${CONTAINER_GID}" "${CONTAINER_HOME}"
 mkdir -p /etc/sudoers.d
-echo "${CONTAINER_USER} ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${CONTAINER_USER}"
+SUODOERS_FILE="${CONTAINER_USER//./_}"
+echo "${CONTAINER_USER} ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${SUODOERS_FILE}"
 chmod 440 "/etc/sudoers.d/${CONTAINER_USER}"
diff --git a/Tests/CLITests/Subcommands/Machine/TestCLIMachine.swift b/Tests/CLITests/Subcommands/Machine/TestCLIMachine.swift
index 7fc205b77..ff25e979f 100644
--- a/Tests/CLITests/Subcommands/Machine/TestCLIMachine.swift
+++ b/Tests/CLITests/Subcommands/Machine/TestCLIMachine.swift
@@ -381,10 +381,11 @@ class TestCLIMachineRuntime: CLITest {
 try waitForMachineStatus(name, status: "running")
 let username = NSUserName()
+ let sanitizedUsername = username.replacingOccurrences(of: ".", with: "_")
 let output = try doMachineRun(
 name: name,
 root: true,
- command: ["cat", "/etc/sudoers.d/\(username)"]
+ command: ["cat", "/etc/sudoers.d/\(sanitizedUsername)"]
 )
 let content = output.trimmingCharacters(in: .whitespacesAndNewlines)
 #expect(
From 61756ac5c2acbd67e1bedba9f0d0fe8097aa30be Mon Sep 17 00:00:00 2001
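Review bot: `CONTAINER_USER` still goes verbatim into the sudoers rule, and into the file path with only `.` rewritten, so a value containing `/`, whitespace or a newline would change which file is written or what the rule grants. Where the variable is set is outside this hunk; if it can be influenced from outside the script, reject anything unexpected before the `mkdir`, e.g. `[[ "${CONTAINER_USER}" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]] || exit 1`. The file is also created under the default umask and only tightened afterwards, and the rule is never syntax-checked; running `visudo -cf` on the written file would catch a malformed entry before sudo reads it.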
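Review bot: The mode of the sudoers file is never asserted: the test only `cat`s it, so it passes even when the `chmod` in create-user.sh targets the wrong path. It also reaches the dotted-name case only when the host account returned by `NSUserName()` happens to contain a dot. A second `doMachineRun` with `command: ["stat", "-c", "%a", "/etc/sudoers.d/\(sanitizedUsername)"]` and an expectation of `440` would cover the permission step, assuming the guest's `stat` accepts `-c`. The replacement rule is duplicated from the script, so a comment such as `// must match the '.' -> '_' mapping in create-user.sh` would keep the two in step. The test function begins and ends outside this hunk.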
From: GarySkywalker-droid <194703971+GarySkywalker-droid@users.noreply.github.com>
Date: Sun, 14 Jun 2026 19:35:23 -0400
Subject: [PATCH 2/2] fix: added in the SUDOERS_FILE in place of the CONTAINER_USER for chmod to work right

---
 Sources/Plugins/MachineAPIServer/Resources/create-user.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Sources/Plugins/MachineAPIServer/Resources/create-user.sh b/Sources/Plugins/MachineAPIServer/Resources/create-user.sh
index 31d279ec9..2447e7836 100755
--- a/Sources/Plugins/MachineAPIServer/Resources/create-user.sh
+++ b/Sources/Plugins/MachineAPIServer/Resources/create-user.sh
@@ -44,4 +44,4 @@ chown -R "${CONTAINER_UID}:${CONTAINER_GID}" "${CONTAINER_HOME}"
 mkdir -p /etc/sudoers.d
 SUODOERS_FILE="${CONTAINER_USER//./_}"
 echo "${CONTAINER_USER} ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${SUODOERS_FILE}"
-chmod 440 "/etc/sudoers.d/${CONTAINER_USER}"
+chmod 440 "/etc/sudoers.d/${SUDOERS_FILE}"
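Review bot: The new `chmod` reads `${SUDOERS_FILE}`, but the variable assigned two lines above is spelled `SUODOERS_FILE`, so the expansion is empty and the command applies to the `/etc/sudoers.d/` directory itself. If `set -u` is in effect, which is not visible here, the script aborts instead. The rule file then keeps whatever mode the redirect created it with, and the directory ends up mode 440 without its search bit. Use one spelling throughout: `SUDOERS_FILE="${CONTAINER_USER//./_}"`, and the same name in the `echo` redirect and the `chmod`.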