Diffstat (limited to 'src/main.rs')
-rw-r--r--src/main.rs12
1 files changed, 3 insertions, 9 deletions
diff --git a/src/main.rs b/src/main.rs
index c6e8201..850d43b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -14,7 +14,6 @@ const ERROR_CONFIG: u8 = 2;
const ERROR_NO_USER: u8 = 3;
const ERROR_NOT_AUTHORIZED: u8 = 4;
const ERROR_AUTH_FAILED: u8 = 5;
-const ERROR_RUN_ROOT: u8 = 6;
fn main() -> ExitCode {
@@ -74,19 +73,12 @@ fn main() -> ExitCode {
}
};
-
// authenticate the user
if !validate(&user.name, persist) {
eprintln!("Authentication failed.");
return ExitCode::from(ERROR_AUTH_FAILED);
}
- // set the uid and gid of the process to root to run the command as root
- if !unistd::setuid(unistd::geteuid()).is_ok() || !unistd::setgid(unistd::getegid()).is_ok() {
- eprintln!("Failed to set root permissions");
- return ExitCode::from(ERROR_RUN_ROOT);
- };
-
// execute the passed command
let start = 1 + flags.arg_count;
let err = exec::execvp(&args[start], &args[start..]);
@@ -128,6 +120,7 @@ struct Config {
/// * `false` - If the user failed to authenticate
fn validate(user: &str, persist: bool) -> bool {
if persist && persist::get_persist(user) {
+ secure::elevate_privilages(0, 0);
return true;
}
let input = match rpassword::prompt_password(format!("crab ({}) password: ", user)) {
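Review bot: The result of `secure::elevate_privilages(0, 0);` is discarded at the persist shortcut in `validate`, and again after `open_session()` in the next hunk, whereas the removed block in `main` checked `setuid`/`setgid` and exited with `ERROR_RUN_ROOT` on failure. The helper's signature is not visible in this diff; if it reports failure through a return value, a failed elevation now falls through to `exec::execvp` with whatever credentials the process happens to have. If it returns a bool, something like `if !secure::elevate_privilages(0, 0) { return false; }` at both call sites would keep the fail-closed behaviour, ideally with a distinct exit code so it is not reported as an authentication failure. The doc comment on `validate` should also state that a `true` return means the process uid/gid were changed, since that side effect is no longer visible in `main`. The body of `validate` continues outside this hunk.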
@@ -142,6 +135,7 @@ fn validate(user: &str, persist: bool) -> bool {
if !auth.authenticate().is_ok() || !auth.open_session().is_ok() {
return false;
}
+ secure::elevate_privilages(0, 0);
if persist {
persist::set_persist(user);
}
@@ -222,7 +216,7 @@ fn config(path: &str) -> Option<Config> {
let mut identitys = vec![];
for (line_num, line) in file.split("\n").enumerate() {
let args: Vec<&str> = line.split(" ").collect();
- if line.trim() == "" {
+ if line.starts_with("#") || line.trim() == "" {
continue;
}
if args.len() < 2 {
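Review bot: The new comment check `line.starts_with("#")` tests the untrimmed line while the blank-line check next to it uses `line.trim()`, so an indented comment such as `  # note` is not skipped and goes on to be parsed as a rule. In a file that decides who may run commands as root, a comment read as a rule should not be possible; trimming once and testing both conditions on the result avoids it: `let trimmed = line.trim();` followed by `if trimmed.is_empty() || trimmed.starts_with('#') { continue; }`. A line ending in `\r` is handled by the same trim for the skip test. The loop body and the rest of `config` continue outside this hunk.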