sudoers - when command is run as a specific user

I wish to keep certain environment variables when a certain command is run as a certain user under sudo. man sudoers seems to suggest that Defaults can do this, if I've read the paragraph copied below correctly (see highlighted part), but the syntax spec beneath it doesn't seem to match that (unless it's the Runas portion?) and I have found no examples. Is it possible? My current, failing attempt is: /etc/sudoers.d/certain:4:23: syntax error Defaults:certain-user!/certain-command.sh env_keep += "ENV_VAR1 ENV_VAR2" ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I've tried variations of this (adding spaces, changing the command etc) but to no avail. The paragraph I mentioned: > Defaults > Certain configuration options may be changed from their default values at run-time via one or more Default_Entry lines. These may affect all users on any host, all users on a specific host, a specific user, a specific command, or ***commands being run as a specific user***. Note that per-command entries may not include command line arguments. If you need to specify arguments, define a Cmnd_Alias and reference that instead. Default_Type ::= 'Defaults' | 'Defaults' '@' Host_List | 'Defaults' ':' User_List | 'Defaults' '!' Cmnd_List | 'Defaults' '>' Runas_List Any help or insight would be much appreciated.