lmn-client/roles/lmn_fvs/files/pam-exec.sh

#!/usr/bin/bash

# exit if not running as root. Because other user don't have privileges to start/stop firewalld.
[[ "${UID}" -eq "0" ]] || exit 0

if [[ "${PAM_USER}" =~ -exam$ ]]; then
  systemctl start firewalld.service
  if systemctl is-enabled --quiet libvirtd.service; then
    systemctl restart libvirtd.service
  fi
elif ! (users | grep -q -- "-exam"); then
  systemctl stop firewalld.service
  if systemctl is-enabled --quiet libvirtd.service; then
    systemctl restart libvirtd.service
  fi
fi