diff --git a/roles/lmn_fvs/files/pam-exec.sh b/roles/lmn_fvs/files/pam-exec.sh
index cec702e..967701d 100644
--- a/roles/lmn_fvs/files/pam-exec.sh
+++ b/roles/lmn_fvs/files/pam-exec.sh
@@ -1,5 +1,8 @@
 #!/usr/bin/bash
 
+# exit if not running as root. Because other user don't have privileges to start/stop firewalld.
+[[ "${UID}" -eq "0" ]] || exit 0
+
 if [[ "${PAM_USER}" =~ -exam$ ]]; then
   systemctl start firewalld.service
 elif ! (users | grep -q -- "-exam"); then