If the user is running sudo as himself but as a different group we

author Todd C. Miller <Todd.Miller@courtesan.com>

Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)
author Todd C. Miller <Todd.Miller@courtesan.com>
Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)
diff --git a/check.c b/check.c

index b324c06bde8979651d3c7199c945660cba0ac8c5..e2f237b69e64188351a232e9c123f00f371b24de 100644 (file)
--- a/check.c
+++ b/check.c
@@ -120,7 +120,13 @@ check_user(validated, mode)
      if (ISSET(mode, MODE_INVALIDATE)) {
         SET(validated, FLAG_CHECK_USER);
      } else {
-       if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+       /*
+        * Don't prompt for the root passwd or if the user is exempt.
+        * If the user is not changing uid/gid, no need for a password.
+        */
+       if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+           (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+           user_is_exempt())
             return;
      }
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Tue, 11 Jan 2011 15:33:39 +0000 (10:33 -0500)