Homebrew casks use sudo -u root -E to preserve environment variables when managing LaunchDaemon plist files during upgrades. The error occurs because:
sudoers has env_reset which clears environment variables.SETENV capability needed for sudo -E.-E flag conflicts with the env_reset policy.# Get your username
USER=$(whoami)
# Add to sudoers.d (modular approach)
echo "$USER ALL=(ALL) SETENV: ALL" | sudo tee /etc/sudoers.d/homebrew
# Add to main sudoers (ensures compatibility)
echo -e "\n# Homebrew sudo -E fix\n$USER ALL=(ALL) SETENV: ALL" | sudo tee -a /etc/sudoers
USER=$(whoami) && \
echo "$USER ALL=(ALL) SETENV: ALL" | sudo tee /etc/sudoers.d/homebrew && \
echo -e "\n# Homebrew sudo -E fix\n$USER ALL=(ALL) SETENV: ALL" | sudo tee -a /etc/sudoers
Check sudo permissions:
sudo -l
Look for: (ALL) SETENV: ALL in the output.
Test environment preservation:
sudo -E echo "Environment test successful"
Should work without errors.
Test Homebrew upgrade:
brew upgrade --greedy
The environment preservation errors should be gone.
sudo -E.-E.Before fix:
sudo: sorry, you are not allowed to preserve the environment
Error: Failure while executing; /usr/bin/sudo -u root -E -- /bin/rm -f -- /Library/LaunchDaemons/...
After fix:
==> Removing launchctl service com.adobe.ARMDC.Communicator
==> Upgrading adobe-acrobat-reader
# Upgrade proceeds normally
Some systems require the permission in the main sudoers file rather than sudoers.d. The dual approach ensures maximum compatibility across different macOS configurations and security policies.
To remove the fix:
sudo rm /etc/sudoers.d/homebrew
Then manually edit /etc/sudoers with visudo to remove the added lines.
sudo -E operations (environment preservation).env_reset default behavior remains for standard sudo usage.SETENV permissions.This fix resolves issues with casks that install LaunchDaemons:
Tested on: macOS Sequoia 15.2, Homebrew 4.4.11