From bde276d9629368d2102ddf762dc9b2a9603177c0 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker
Date: Fri, 14 Feb 2025 08:45:37 +0100
Subject: [PATCH] Exit pam_exec script when not running as root

When terminating screen lock, pam_exec is called in the context of the corresponding user. Non-root users don't have the permission to start/stop firewalld. So exit immediately.
---
 roles/lmn_fvs/files/pam-exec.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/lmn_fvs/files/pam-exec.sh b/roles/lmn_fvs/files/pam-exec.sh
index cec702e..967701d 100644
--- a/roles/lmn_fvs/files/pam-exec.sh
+++ b/roles/lmn_fvs/files/pam-exec.sh
@@ -1,5 +1,8 @@
 #!/usr/bin/bash
 
+# exit if not running as root. Because other user don't have privileges to start/stop firewalld.
+[[ "${UID}" -eq "0" ]] || exit 0
+
 if [[ "${PAM_USER}" =~ -exam$ ]]; then
 systemctl start firewalld.service
 elif ! (users | grep -q -- "-exam"); then
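Review bot: The added guard `[[ "${UID}" -eq "0" ]] || exit 0` returns success without leaving any trace, so any unprivileged invocation other than the screen-unlock case would silently skip the firewalld start while PAM still sees exit status 0. The firewalld start appears to be the control applied to `-exam` accounts, so the skip should at least be logged, for example `[[ "${EUID}" -eq 0 ]] || { logger -t pam-exec "not root, skipping firewalld handling (type=${PAM_TYPE:-unknown})"; exit 0; }`, which makes a fail-open run visible in the journal. `EUID` is used there because the effective UID is what decides whether `systemctl` can act, whereas `UID` is bash's real UID; under pam_exec the two are normally equal. The PAM stack configuration is not visible here, but gating on `PAM_TYPE` (for example only `open_session`/`close_session`) would express the intent more precisely than a UID test. The `if`/`elif` block continues outside the hunk.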