diff --git a/set_perms.c b/set_perms.c
index 0b4e9455c..8126fedcf 100644
--- a/set_perms.c
+++ b/set_perms.c
@@ -119,6 +119,11 @@ set_perms_posix(perm)
 break;
 case PERM_RUNAS:
+ if (seteuid(runas_pw->pw_uid))
+ fatal("unable to change to runas uid", 1);
+ break;
+
+ case PERM_FULL_RUNAS:
 /* headed for exec(), assume euid == 0 */
 runas_setup();
 if (def_stay_setuid)
@@ -192,6 +197,11 @@ set_perms_suid(perm)
 break;
 case PERM_RUNAS:
+ if (seteuid(runas_pw->pw_uid))
+ fatal("unable to change to runas uid", 1);
+ break;
+
+ case PERM_FULL_RUNAS:
 /* headed for exec(), assume euid == 0 */
 runas_setup();
 error = setresuid(def_stay_setuid ?
@@ -264,6 +274,11 @@ set_perms_suid(perm)
 break;
 case PERM_RUNAS:
+ if (seteuid(runas_pw->pw_uid))
+ fatal("unable to change to runas uid", 1);
+ break;
+
+ case PERM_FULL_RUNAS:
 /* headed for exec(), assume euid == 0 */
 runas_setup();
 error = setreuid(def_stay_setuid ?
@@ -333,6 +348,11 @@ set_perms_nosuid(perm)
 break;
 case PERM_RUNAS:
+ if (seteuid(runas_pw->pw_uid))
+ fatal("unable to change to runas uid", 1);
+ break;
+
+ case PERM_FULL_RUNAS:
 /* headed for exec(), assume euid == 0 */
 runas_setup();
 if (setuid(runas_pw->pw_uid))
diff --git a/sudo.h b/sudo.h
index cc919d79b..ce23bfb8c 100644
--- a/sudo.h
+++ b/sudo.h
@@ -122,7 +122,8 @@ struct sudo_user {
 #define PERM_FULL_USER 0x03
 #define PERM_SUDOERS 0x04
 #define PERM_RUNAS 0x05
-#define PERM_TIMESTAMP 0x06
+#define PERM_FULL_RUNAS 0x06
+#define PERM_TIMESTAMP 0x07
 /*
  * Shortcuts for sudo_user contents.
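Review bot: In the first hunk (set_perms_posix), `case PERM_RUNAS` now only calls `seteuid(runas_pw->pw_uid)`, so any call site that still passes PERM_RUNAS on the way to exec() would start the command with the real and saved uid unchanged and able to regain the earlier identity. The callers are outside the hunks shown, so each exec-path use needs to be confirmed as moved to PERM_FULL_RUNAS. As far as the hunk shows, the euid-only state also leaves the gid and group vector untouched, so access checks made under PERM_RUNAS are not the ones the runas user would actually get. I would record both limits on the case itself, e.g. `/* temporary: euid only; gids and real uid unchanged, never exec() in this state */`. The same applies to the identical hunks at -192, -264 and -333 (set_perms_suid twice, set_perms_nosuid); all four function bodies begin and end outside their hunks.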