executable.</para>
<para><varname>ConditionUser=</varname> takes a numeric
- <literal>UID</literal> or a UNIX user name. This condition
- may be used to check whether the service manager is running
- as the given real or effective user. This option is not
+ <literal>UID</literal>, a UNIX user name, or the special value
+ <literal>@system</literal>. This condition may be used to check
+ whether the service manager is running as the given user. The
+ special value <literal>@system</literal> can be used to check
+ if the user id is within the system user range. This option is not
useful for system services, as the system manager exclusively
runs as the root user, and thus the test result is constant.</para>
<para><varname>ConditionGroup=</varname> is similar
to <varname>ConditionUser=</varname> but verifies that the
service manager's real or effective group, or any of its
- auxiliary groups match the specified group or GID.</para>
+ auxiliary groups match the specified group or GID. This setting
+ does not have a special value <literal>@system</literal>.</para>
<para>If multiple conditions are specified, the unit will be
executed if all of them apply (i.e. a logical AND is applied).
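Review bot: In the ConditionUser= paragraph the rewrite drops "real or effective", yet the code change that follows tests both getuid() and geteuid(), and the ConditionGroup= paragraph still says "real or effective group". Keep that wording ("running as the given real or effective user"). For @system, state that the condition holds when either UID is at or below SYSTEM_UID_MAX. That range includes root, so "within the system user range" should not be read as "a non-root system account".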
if (r >= 0)
return id == getuid() || id == geteuid();
+ if (streq("@system", c->parameter))
+ return getuid() <= SYSTEM_UID_MAX || geteuid() <= SYSTEM_UID_MAX;
+
username = getusername_malloc();
if (!username)
return -ENOMEM;
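Review bot: The @system branch returns true when either getuid() or geteuid() is <= SYSTEM_UID_MAX, so a manager whose real and effective UIDs differ passes the condition if only one of them is in the system range. That mirrors the numeric comparison just above it, but the documentation only says "the user id". Add a short comment here stating that the either-UID semantics is intended, or use && if both UIDs are meant to be in range.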
log_info("ConditionUser=%s → %i", username, r);
assert_se(r == 0);
condition_free(condition);
+
+ condition = condition_new(CONDITION_USER, "@system", false, false);
+ assert_se(condition);
+ r = condition_test(condition);
+ log_info("ConditionUser=@system → %i", r);
+ if (geteuid() == 0)
+ assert_se(r > 0);
+ else
+ assert_se(r == 0);
+ condition_free(condition);
}
static void test_condition_test_group(void) {
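Review bot: The else branch of the new @system test asserts r == 0 for every non-root caller, but the implementation returns true for any real or effective UID <= SYSTEM_UID_MAX, so the test fails when run under a non-root system account (a build or CI service user, for example). Derive the expectation from the same predicate instead of from geteuid() == 0, e.g. if (getuid() <= SYSTEM_UID_MAX || geteuid() <= SYSTEM_UID_MAX) assert_se(r > 0); else assert_se(r == 0);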