Added security and functionality.

- Introduced a sudo-nopasswd script that allows users to edit and update
  in one shot.
- Use random suffix on temp files to avoid collisions and hacks.

src/sudo-nopasswd

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
+SHARE_ROOTS=("$HOME/.local/share" "/usr/local/share" "/usr/share")
+for SHARE_ROOT in "${SHARE_ROOTS[@]}"; do
+	if [ -d "$SHARE_ROOT/sudo-nopasswd" ]; then
+		SHARE_DIR="$SHARE_ROOT/sudo-nopasswd"
+		break
+	fi
+done
+CONSTANTS="sudo_no_passwd_constants.sh"
+source "$SHARE_DIR/$CONSTANTS"
+"$EDITOR" "$ETC_FILE"
+"$UPDATE_COMMAND"

src/sudo_no_passwd_constants.sh

@@ -1,9 +1,12 @@
 #!/bin/bash
+if [ ! "$INSTANCE" ]; then
+	INSTANCE="$(head -c10 /dev/urandom | base32)"
+fi
 ETC_FILE="/etc/sudo-nopasswd"
 SUDOERS_FILE="/etc/sudoers"
-SUDOERS_BAK="/etc/sudoers.bak"
-BEFORE_COMMANDS="/tmp/sudo-nopasswd-before"
-AFTER_COMMANDS="/tmp/sudo-nopasswd-after"
+SUDOERS_BAK="/etc/sudoers.bak_$INSTANCE"
+BEFORE_COMMANDS="/tmp/sudo-nopasswd-before-$INSTANCE"
+AFTER_COMMANDS="/tmp/sudo-nopasswd-after-$INSTANCE"
 SCRIPT_NAME="update-sudo-nopasswd"
 
 # Installation paths
@@ -15,5 +18,3 @@ INITD_DIR="/etc/init.d"
 
 UPDATE_COMMAND="update-sudo-nopasswd"
 WATCH_COMMAND="watch-sudo-nopasswd"
-
-SHARE_DIR="/usr/share/sudo-nopasswd"

src/update-sudo-nopasswd

@@ -1,9 +1,15 @@
 #!/bin/bash
 set -e
-SHARE_DIR="/usr/share/sudo-nopasswd"
+[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
+SHARE_ROOTS=("$HOME/.local/share" "/usr/local/share" "/usr/share")
+for SHARE_ROOT in "${SHARE_ROOTS[@]}"; do
+	if [ -d "$SHARE_ROOT/sudo-nopasswd" ]; then
+		SHARE_DIR="$SHARE_ROOT/sudo-nopasswd"
+		break
+	fi
+done
 CONSTANTS="sudo_no_passwd_constants.sh"
 source "$SHARE_DIR/$CONSTANTS"
-[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
 cp "$SUDOERS_FILE" "$SUDOERS_BAK"
 
 if grep -q "^%sudo.*NOPASSWD" "$SUDOERS_FILE"; then
@@ -41,4 +47,4 @@ cat "$ETC_FILE" |
 diff -u "$BEFORE_COMMANDS" "$AFTER_COMMANDS" --color=always |
     grep $'^\x1b\\[[0-9;]*m[+-]' |
     grep -Ev $'^\x1b\\[[0-9;]*m([+][+][+]|[-][-][-])'
-rm "$BEFORE_COMMANDS" "$AFTER_COMMANDS"
+rm "$BEFORE_COMMANDS" "$AFTER_COMMANDS"

src/watch-sudo-nopasswd

@@ -1,7 +1,13 @@
 #!/bin/bash
 set -e
 [ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
-SHARE_DIR="/usr/share/sudo-nopasswd"
+SHARE_ROOTS=("$HOME/.local/share" "/usr/local/share" "/usr/share")
+for SHARE_ROOT in "${SHARE_ROOTS[@]}"; do
+	if [ -d "$SHARE_ROOT/sudo-nopasswd" ]; then
+		SHARE_DIR="$SHARE_ROOT/sudo-nopasswd"
+		break
+	fi
+done
 CONSTANTS="sudo_no_passwd_constants.sh"
 source "$SHARE_DIR/$CONSTANTS"
 while [ 1 ]; do