[Zope] etcUserFolder

Frank Tegtmeyer fte@d.de.mqi.net
Mon, 20 Mar 2000 11:36:54 +0100


>     1) Set up Zope to run as its own user (e.g. user 'zope') instead of
>        user 'nobody'
>     2) Add a crontab job to copy the /etc/shadow file to where Zope
>        can see it, changing ownership to user zope and removing group
>        and other permissions.

This makes the shadow password suite worthless.
Assuming read-only access to /etc/shadow, it's better to use a simple 
wrapper program that can do the access. This program should be carefully 
designed to not allow arbitrary input to compromise security.

One example is checkpassword (not for non-root programs) which is located 
at http://cr.yp.to/checkpwd.html
It's designed primarily to get a simple interface to various 
authentication schemes, but may be used as an example.

Regards, Frank
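
Added example, not part of the original post and not checkpassword's own code: the input handling a checkpassword-style wrapper needs before it touches /etc/shadow, rejecting anything that is not a well-formed request. The 512-byte limit, the login\0password\0timestamp\0 layout and exit code 2 follow the checkpassword interface; the function names, the login alphabet and the 32-character limit are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define MAX_REQ 512   /* checkpassword interface: at most 512 bytes on fd 3 */
#define MAX_LOGIN 32  /* assumption: local policy limit on account names */

/* Accept only a conservative account-name alphabet (assumption). */
static int valid_login(const char *s, size_t n) {
    if (n == 0 || n > MAX_LOGIN || s[0] == '-' || s[0] == '.') return 0;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
              c == '_' || c == '-' || c == '.')) return 0;
    }
    return 1;
}

/* Parse "login\0password\0timestamp\0[more]" from buf[0..len).
 * Returns 0 and points *login / *pass into buf on success.
 * Returns 2 (the interface's "misused" exit code) on malformed input. */
int parse_request(const char *buf, size_t len,
                  const char **login, const char **pass) {
    const char *field[3];
    size_t off = 0;
    if (len == 0 || len > MAX_REQ) return 2;
    for (int i = 0; i < 3; i++) {
        const char *end = memchr(buf + off, '\0', len - off);
        if (end == NULL) return 2;   /* field not terminated inside buf */
        field[i] = buf + off;
        off = (size_t)(end - buf) + 1;
    }
    if (!valid_login(field[0], strlen(field[0]))) return 2;
    *login = field[0];
    *pass = field[1];
    return 0;
}

/* Compare two hash strings without stopping at the first mismatch. */
int hash_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}
```

The shadow lookup and the hashing of the supplied password sit between these two functions and are left out here.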