Without an entry in the shadow file, this user can't use sudo with the
following error:
account validation failure, is your account locked
(which I include here for future googling because it's pretty obscure,
you have to have this odd situation, or a pretty broken PAM to see it).
The "nodepool" user (10001) is in the root group, which is why the
uid_entrypoint script can update the /etc/passwd file. We need to
change the ownership of the /etc/shadow file for this to work. It
feels a bit weird, but there's no password to actually guess anyway.
Change-Id: I8846757edffe31f96df58999d05727910c9fca43
747e957263