How do I allow my users to _only_ edit their own user details?

I have about 20 users who will have varying degrees of access to the Zope management area. All in the one users folder.

I want to encourage them to change their password regularly. But I don't want them to be able to edit other user's details or even create acl_users folders, just edit their own details.

I cant seem to work out how to do this.

Tom