diff --git a/system/activate-configuration.sh b/system/activate-configuration.sh
index 553199269f90..76c2782f623a 100644
--- a/system/activate-configuration.sh
+++ b/system/activate-configuration.sh
@@ -70,7 +70,7 @@ if ! test -e /etc/passwd; then
     touch /etc/shadow; chmod 0600 /etc/shadow
     # Can't use useradd, since it complain that it doesn't know us
     # (bootstrap problem!). 
-    echo "root:x:0:0:System administrator:$rootHome:@shell@" >> /etc/passwd
+    echo "root:x:0:0:System administrator:$rootHome:@defaultShell@" >> /etc/passwd
     echo "root::::::::" >> /etc/shadow
     groupadd -g 0 root
     echo | passwd --stdin root
diff --git a/system/etc.nix b/system/etc.nix
index 4f94b904ecd0..15314a3c57a6 100644
--- a/system/etc.nix
+++ b/system/etc.nix
@@ -1,4 +1,4 @@
-{config, pkgs, upstartJobs, systemPath, wrapperDir}:
+{config, pkgs, upstartJobs, systemPath, wrapperDir, defaultShell}:
 
 let 
 
@@ -64,6 +64,14 @@ import ../helpers/make-etc.nix {
       target = "default/passwd";
     }
 
+    { # Configuration for useradd.
+      source = pkgs.substituteAll {
+        src = ./etc/default/useradd;
+        inherit defaultShell;
+      };
+      target = "default/useradd";
+    }
+
     { # Dhclient hooks for emitting ip-up/ip-down events.
       source = pkgs.substituteAll {
         src = ./etc/dhclient-exit-hooks;
diff --git a/system/etc/default/useradd b/system/etc/default/useradd
new file mode 100644
index 000000000000..df221d58511e
--- /dev/null
+++ b/system/etc/default/useradd
@@ -0,0 +1,3 @@
+GROUP=100
+HOME=/home
+SHELL=@defaultShell@
diff --git a/system/system.nix b/system/system.nix
index 482156a7ca91..d04284f57dd3 100644
--- a/system/system.nix
+++ b/system/system.nix
@@ -148,7 +148,7 @@ rec {
 
   # The static parts of /etc.
   etc = import ./etc.nix {
-    inherit config pkgs upstartJobs systemPath wrapperDir;
+    inherit config pkgs upstartJobs systemPath wrapperDir defaultShell;
   };
 
 
@@ -222,6 +222,9 @@ rec {
     ignoreCollisions = true;
   };
 
+
+  defaultShell = "/var/run/current-system/sw/bin/bash";
+
     
   # The script that activates the configuration, i.e., it sets up
   # /etc, accounts, etc.  It doesn't do anything that can only be done
@@ -230,7 +233,7 @@ rec {
     src = ./activate-configuration.sh;
     isExecutable = true;
 
-    inherit etc wrapperDir systemPath modprobe;
+    inherit etc wrapperDir systemPath modprobe defaultShell;
     inherit (pkgs) kernel;
     readOnlyRoot = config.get ["boot" "readOnlyRoot"];
     hostName = config.get ["networking" "hostName"];