===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/check.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- src/usr.bin/sudo/Attic/check.c	2010/03/04 12:21:36	1.20
+++ src/usr.bin/sudo/Attic/check.c	2011/01/12 21:45:02	1.21
@@ -93,7 +93,12 @@
 	/* do not check or update timestamp */
 	status = TS_ERROR;
     } else {
-	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+	/*
+	 * Don't prompt for the root passwd or if the user is exempt.
+	 * If the user is not changing uid/gid, no need for a password.
+	 */
+	if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+	    (!runas_gr || user_gid == runas_gr->gr_gid)) || user_is_exempt())
 	    return;
 
 	build_timestamp(&timestampdir, &timestampfile);