diff --git a/sshuttle/sudoers.py b/sshuttle/sudoers.py
index 52874d2..d1c8b1e 100644
--- a/sshuttle/sudoers.py
+++ b/sshuttle/sudoers.py
@@ -5,7 +5,15 @@ from uuid import uuid4
 def build_config(user_name):
- template = '''
+ """Generates a sudoers configuration to allow passwordless execution of sshuttle."""
+
+ argv0 = os.path.abspath(sys.argv[0])
+ is_python_script = argv0.endswith('.py')
+ executable = f"{sys.executable} {argv0}" if is_python_script else argv0
+ dist_packages = os.path.dirname(os.path.abspath(__file__))
+ cmd_alias = f"SSHUTTLE{uuid4().hex[-3:].upper()}"
+
+ template = f"""
 # WARNING: If you intend to restrict a user to only running the
 # sshuttle command as root, THIS CONFIGURATION IS INSECURE.
 # When a user can run sshuttle as root (with or without a password),
@@ -16,27 +24,18 @@ def build_config(user_name):
 # sshuttle without needing to enter a sudo password. To use this
 # configuration, run 'visudo /etc/sudoers.d/sshuttle_auto' as root and
 # paste this text into the editor that it opens. If you want to give
-# multiple users these privileges, you may wish to use use different
+# multiple users these privileges, you may wish to use different
 # filenames for each one (i.e., /etc/sudoers.d/sshuttle_auto_john).
 # This configuration was initially generated by the
 # 'sshuttle --sudoers-no-modify' command.
-Cmnd_Alias %(ca)s = /usr/bin/env PYTHONPATH=%(dist_packages)s %(py)s %(path)s *
+Cmnd_Alias {cmd_alias} = /usr/bin/env PYTHONPATH={dist_packages} {executable} *
-%(user_name)s ALL=NOPASSWD: %(ca)s
-'''
+{user_name} ALL=NOPASSWD: {cmd_alias}
+"""
- content = template % {
- # randomize command alias to avoid collisions
- 'ca': 'SSHUTTLE%(num)s' % {'num': uuid4().hex[-3:].upper()},
- 'dist_packages': os.path.dirname(os.path.abspath(__file__))[:-9],
- 'py': sys.executable,
- 'path': sys.argv[0],
- 'user_name': user_name,
- }
-
- return content
+ return template
 def sudoers(user_name=None):
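Review bot: `dist_packages` no longer strips the trailing package directory (the removed code ended in `[:-9]`), so the generated rule now sets PYTHONPATH to the sshuttle package directory rather than its parent. A sudoers command spec has to match the command line that is actually run under sudo, so if the caller still passes the parent directory this NOPASSWD rule will presumably stop matching; pointing PYTHONPATH at the package itself would also make its modules importable as top-level names in the root process. If the old value was intended, `dist_packages = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))` keeps it without the magic number. Separately, `argv0` and `dist_packages` are written into the rule unescaped, so a path containing spaces or sudoers metacharacters changes what the rule permits, and a script that lives under a user-writable directory makes the rule only as strong as that directory's permissions. The template that consumes these values continues outside this hunk.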
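Review bot: `{user_name}` is interpolated into the `ALL=NOPASSWD:` line with no validation, so the value reaches the sudoers text exactly as the caller supplied it. A name containing whitespace, a newline or sudoers syntax would yield a different rule from the one intended, and visudo checks syntax only, not intent. I would reject anything outside a conservative account-name pattern before building the template, for example `if not re.fullmatch(r'[A-Za-z_][A-Za-z0-9_.-]*', user_name): raise ValueError('invalid user name')` (this needs `import re`, and the pattern should be widened if group specs are meant to be accepted). The removed comment about randomizing the alias to avoid collisions is also worth keeping beside `cmd_alias`, since three hex digits is a small space. The template starts above this hunk, so only its tail is reviewed here.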