Você pode usar o SETENV
"Tag" no seu arquivo sudoers
, como em:
deploy ALL=(ALL) SETENV: /usr/bin/git, /etc/init.d/httpd*, /sbin/service, /usr/bin/make, /bin/echo
Ou para combiná-lo com o NOPASSWD:
deploy ALL=(ALL) NOPASSWD:SETENV: /usr/bin/git, /etc/init.d/httpd*, /sbin/service, /usr/bin/make, /bin/echo
trecho relevante do homem sudoers:
SETENV and NOSETENV
These tags override the value of the setenv option on a per-command basis. Note that if SETENV has been set for a command, the user may disable the env_reset option from the command line via the -E option. Additionally, environment variables set on the command line are not subject to the restrictions imposed by
env_check
,env_delete
, orenv_keep
. As such, only trusted users should be allowed to set variables in this manner. If the command matched is ALL, the SETENV tag is implied for that command; this default may be overridden by use of the NOSETENV tag.