`/etc/sudoers` -- 仅为一个命令指定 `env_keep`？

env_keep仅覆盖/path/to/command（当通过任何规则、由任何用户调用时）和用户joe（无论他正在运行什么命令）：

Defaults!/path/to/command env_keep=HOME
Defaults:joe env_keep=HOME

您可以使用-=或+=来删除或添加条目到env_keep列表中。

Cmnd_Alias      PBUILDER = /usr/sbin/pbuilder,/usr/sbin/cowbuilder
Defaults!PBUILDER       env_keep+=HOME

这些行来自我自己，用于纠正查找其用户配置文件但必须以 root 身份运行的/etc/sudoers问题（将其移动到有点违背了同时拥有系统和用户配置文件的目的）。pbuilder$HOME/root

男人须藤：

   env_reset       If set, sudo will reset the environment to only contain
                   the LOGNAME, SHELL, USER, USERNAME and the SUDO_*
                   variables.  Any variables in the caller’s environment
                   that match the env_keep and env_check lists are then
                   added.  The default contents of the env_keep and
                   env_check lists are displayed when sudo is run by root
                   with the -V option.  If the secure_path option is set,
                   its value will be used for the PATH environment
                   variable.  This flag is on by default.

因此，是的，您可以在 /etc/sudoers.conf 中使用env_reset,env_keep和 来做到这一点。env_check