diff --git a/modules/system/boot/stage-2-init.sh b/modules/system/boot/stage-2-init.sh
index f54404ddccea..8f1184a5eb36 100644
--- a/modules/system/boot/stage-2-init.sh
+++ b/modules/system/boot/stage-2-init.sh
@@ -42,8 +42,9 @@ fi
 
 
 # Make /nix/store a read-only bind mount to enforce immutability of
-# the Nix store.
-chown root:nixbld /nix/store
+# the Nix store.  Note that we can't use "chown root:nixbld" here
+# because users/groups might not exist yet.
+chown 0:30000 /nix/store
 chmod 1775 /nix/store
 if [ -n "@readOnlyStore@" ]; then
     if ! mountpoint -q /nix/store; then