Setting defaults in sudoers

Question

I'm trying to set the Defaults in an appropriate way for the pdebuild usage. I've got the command alias defined:

Cmnd_Alias  PBUILDER = /usr/sbin/pbuilder, /usr/bin/pdebuild, /usr/bin/debuild-pbuilder

and I'm trying to set the defaults only for that one:

Defaults        env_reset
Defaults!PBUILDER       env_keep="DIST ARCH"

This fails with syntax error on the line with env_reset. When I comment out the Defaults!PBUILDER line, it works just fine. What should I update here to make it work?

---

Additional info:

$ sudo -V
Sudo version 1.6.9p17

The man page has information about the "Defaults!..." option so this should be ok in theory.

The whole file is:

Cmnd_Alias  PBUILDER = /usr/sbin/pbuilder, /usr/bin/pdebuild, /usr/bin/debuild-pbuilder

Defaults    env_reset
Defaults!PBUILDER   env_keep="DIST ARCH"

root    ALL=(ALL) ALL
stan ALL=(ALL) PBUILDER

%engineering    ALL=(ALL) ALL

Answer 1

I think your man page is out-of-sync with respect to the version of sudo that you're using. I just checked out 1.6.9p23 [aka changeset 5429:f7398cfbac71] from the sudo repository, and the sudoers man page shows the following syntax:

    Default_Type ::= 'Defaults' |
                     'Defaults' '@' Host_List |
                     'Defaults' ':' User_List |
                     'Defaults' '>' Runas_List

There's no mention of the 'Defaults' '!' Cmnd_List syntax available in more recent version. This appears to be an online version of the 1.6.9 man page which shows the same thing.

Answer 2

Just to add to what larsks has said, I've tried your sudoers file in my sudo (1.7.4p5) and it parses fine, no errors. It's possible that the version you're using doesn't have as sophisticated support for defaults as 1.7, or it may just be a bug. Is upgrading sudo out of the question?