diff --git a/src/app/rpmostree-dbus-helpers.c b/src/app/rpmostree-dbus-helpers.c
index 3d20699b..4eed48e7 100644
--- a/src/app/rpmostree-dbus-helpers.c
+++ b/src/app/rpmostree-dbus-helpers.c
@@ -25,6 +25,7 @@
 #include <sys/socket.h>
 #include "glib-unix.h"
 #include <signal.h>
+#include <systemd/sd-login.h>
 
 void
 rpmostree_cleanup_peer (GPid *peer_pid)
@@ -161,11 +162,29 @@ rpmostree_load_sysroot (gchar *sysroot,
   if (sysroot_proxy == NULL)
     return FALSE;
 
-  /* this tells the daemon not to auto-exit as long as we are alive */
-  if (!rpmostree_sysroot_call_register_client_sync (sysroot_proxy,
-                                                    g_variant_builder_end (options_builder),
-                                                    cancellable, error))
-    return FALSE;
+  /* Try to register if we can; it doesn't matter much now since the daemon doesn't
+   * auto-exit, though that might change in the future. But only register if we're active or
+   * root; the daemon won't allow it otherwise. */
+  uid_t uid = getuid ();
+  gboolean should_register;
+  if (uid == 0)
+    should_register = TRUE;
+  else
+    {
+      g_autofree char *state = NULL;
+      if (sd_uid_get_state (uid, &state) >= 0)
+        should_register = (g_strcmp0 (state, "active") == 0);
+      else
+        should_register = FALSE;
+    }
+
+  if (should_register)
+    {
+      if (!rpmostree_sysroot_call_register_client_sync (sysroot_proxy,
+                                                        g_variant_builder_end (options_builder),
+                                                        cancellable, error))
+        return FALSE;
+    }
 
   *out_sysroot_proxy = g_steal_pointer (&sysroot_proxy);
   *out_peer_pid = peer_pid; peer_pid = 0;
diff --git a/tests/vmcheck/test-basic.sh b/tests/vmcheck/test-basic.sh
index c9e8a4aa..d4a71b22 100755
--- a/tests/vmcheck/test-basic.sh
+++ b/tests/vmcheck/test-basic.sh
@@ -50,8 +50,12 @@ if vm_cmd_as testuser rpm-ostree pkg-add foo &> err.txt; then
     assert_not_reached "Was able to install a package as non-root!"
 fi
 assert_file_has_content err.txt 'PkgChange not allowed for user'
-echo "ok layering requires root"
+echo "ok layering requires root or auth"
 
 # Assert that we can do status as non-root
 vm_cmd_as testuser rpm-ostree status
 echo "ok status doesn't require root"
+
+# Also check that we can do status as non-root non-active
+vm_cmd runuser -u bin rpm-ostree status
+echo "ok status doesn't require active PAM session"