
containers.<name>.privateUsers

Whether to give the container its own private UIDs/GIDs space (user namespacing). Disabled by default (no).

If set to a number (usually 65536 or higher, above the host's own UID/GID range), user namespacing is enabled and the container's UIDs/GIDs will start at that number.

If set to identity (mostly equivalent to 0), only process capability isolation is provided; there is no UID/GID isolation, since the container's UIDs/GIDs are the same as the host's.

If set to pick, user namespacing is enabled and the UID/GID range is chosen automatically, so that no overlapping UID/GID ranges are assigned to multiple containers. This is the recommended option, as it enhances container security massively and operates fully automatically in most cases.

See https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--private-users= for details.
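The following NixOS configuration fragment is an added example, not taken from the NixOS manual or from MyNixOS. It declares two containers that differ only in this option: one with the default "no" (shared UID/GID space with the host) and one with "pick" (a disjoint, automatically chosen range). The container names `legacy` and `app` are hypothetical.

```nix
# Added example: contrasting the default (weak) setting with "pick".
# Container names "legacy" and "app" are placeholders.
{ config, pkgs, ... }:
{
  # Default behaviour: no user namespacing. UID 0 inside the container
  # is UID 0 on the host, so a container escape lands as host root.
  containers.legacy = {
    autoStart = true;
    privateUsers = "no";
    config = { ... }: { };
  };

  # Hardened: systemd-nspawn picks a UID/GID range that does not overlap
  # with the host or with other containers, so container root maps to an
  # unprivileged host UID.
  containers.app = {
    autoStart = true;
    privateUsers = "pick";
    config = { ... }: { };
  };
}
```

After `nixos-rebuild switch`, the effect can be checked from inside the container: `machinectl shell app` followed by `cat /proc/self/uid_map` shows the shifted range rather than the identity mapping `0 0 4294967295`, and on the host `ps -eo uid,cmd` lists the container's processes under the high, unprivileged UIDs rather than 0. A fixed numeric value (for example `privateUsers = 1048576;`) gives the same isolation with a range you manage yourself, which is only needed when the mapping must stay stable across hosts.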

Declarations
Type
32 bit unsigned integer; between 0 and 4294967295 (both inclusive) or one of "no", "identity", "pick"
Default
"no"