Throw on init if process is not running under root (or similar)

[Kami]

PAM auth backend required elevated privileges (running as root, maybe being part of wheel group would also work) so we should make backend fail early if that condition is not met.

[dennybaa]

http://linux.die.net/man/5/pam.d
well I told that I'm not sure.. There should be appropriate /etc/pam.d/st2auth, don't know how in case of python daemons which we start...

The syntax of files contained in the /etc/pam.d/ directory, are identical except for the absence of any service field. In this case, the service is the name of the file in the /etc/pam.d/ directory. This filename must be in lower case.

An important feature of PAM, is that a number of rules may be stacked to combine the services of a number of PAMs for a given authentication task.

The service is typically the familiar name of the corresponding application: login and su are good examples. The service-name, other, is reserved for giving default rules. Only lines that mention the current service (or in the absence of such, the other entries) will be associated with the given service-application.