**after building the image don't forget to [set the permissions for the image](#set-permissions-for-image)**
# Create xrootd user in host system
We will map the xrootd user id inside the container to one shifted by 65536 * 10 on the host system. This is an arbitrary choice and one should check this range of user ids is not used by anything else. One also has to be careful that the xrootd user id does not change when a new image is built. The image building script now force sets the user id to 1000 so this should be fine. See [[Migrate xrootd user]] for how to change the host xrootd user later if needed.
We will map the xrootd user id inside the container to one shifted by 65536 * 10 on the host system (this is configured in `/etc/systemd/nspawn/xcache.nspawn` via the `PrivateUsers` option and using the instructions under [Set permissions for image](#set-permissions-for-image) we will ensure correct permissions). This is an arbitrary choice and one should check this range of user ids is not used by anything else. One also has to be careful that the xrootd user id does not change when a new image is built. The image building script now force sets the user id to 1000 so this should be fine. See [[Migrate xrootd user]] for how to change the host xrootd user later if needed.
```bash
# for some reason that command might add a carriage return (therefore the sed) ...
