diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix
index ae8a06e7b5c..f88156285ca 100644
--- a/pkgs/tools/security/nsjail/default.nix
+++ b/pkgs/tools/security/nsjail/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchFromGitHub, autoconf, bison, flex, libtool, pkgconfig, which
-, libnl, protobuf, protobufc }:
+, libnl, protobuf, protobufc, shadow
+}:
 
 stdenv.mkDerivation rec {
   name = "nsjail-${version}";
@@ -13,6 +14,12 @@ stdenv.mkDerivation rec {
     sha256          = "0cgycj0cz74plmz4asxryqprg6mkzpmnxzqbfsp1wwackinxq5fq";
   };
 
+  postPatch = ''
+    substituteInPlace user.cc \
+      --replace "/usr/bin/newgidmap" "${shadow}/bin/newgidmap" \
+      --replace "/usr/bin/newuidmap" "${shadow}/bin/newuidmap"
+  '';
+
   nativeBuildInputs = [ autoconf bison flex libtool pkgconfig which ];
   buildInputs = [ libnl protobuf protobufc ];
   enableParallelBuilding = true;