core: add @system special value to ConditionUser=

It allows checking if the user is a system user or a normal user

3 files changed, 20 insertions, 4 deletions

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index cd9deaaa3b..6016918488 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -1034,16 +1034,19 @@
         executable.</para>
 
         <para><varname>ConditionUser=</varname> takes a numeric
-        <literal>UID</literal> or a UNIX user name. This condition
-        may be used to check whether the service manager is running
-        as the given real or effective user. This option is not
+        <literal>UID</literal>, a UNIX user name, or the special value
+        <literal>@system</literal>. This condition may be used to check
+        whether the service manager is running as the given user. The
+        special value <literal>@system</literal> can be used to check
+        if the user id is within the system user range. This option is not
         useful for system services, as the system manager exclusively
         runs as the root user, and thus the test result is constant.</para>
 
         <para><varname>ConditionGroup=</varname> is similar
         to <varname>ConditionUser=</varname> but verifies that the
         service manager's real or effective group, or any of its
-        auxiliary groups match the specified group or GID.</para>
+        auxiliary groups match the specified group or GID. This setting
+        does not have a special value <literal>@system</literal>.</para>
 
         <para>If multiple conditions are specified, the unit will be
         executed if all of them apply (i.e. a logical AND is applied).
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 7320b53492..28b328080a 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -154,6 +154,9 @@ static int condition_test_user(Condition *c) {
         if (r >= 0)
                 return id == getuid() || id == geteuid();
 
+        if (streq("@system", c->parameter))
+                return getuid() <= SYSTEM_UID_MAX || geteuid() <= SYSTEM_UID_MAX;
+
         username = getusername_malloc();
         if (!username)
                 return -ENOMEM;
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index 790716e1dc..b499be43da 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -385,6 +385,16 @@ static void test_condition_test_user(void) {
         log_info("ConditionUser=%s → %i", username, r);
         assert_se(r == 0);
         condition_free(condition);
+
+        condition = condition_new(CONDITION_USER, "@system", false, false);
+        assert_se(condition);
+        r = condition_test(condition);
+        log_info("ConditionUser=@system → %i", r);
+        if (geteuid() == 0)
+                assert_se(r > 0);
+        else
+                assert_se(r == 0);
+        condition_free(condition);
 }
 
 static void test_condition_test_group(void) {