How to create a user and give it read permission to /etc/shadow file?
Solution 1:
Changing an owner group of such important file could even break some things, which is dangerous.
The proper secure way to achieve that is to use POSIX ACLs:
setfacl -m u:special_user:r /etc/shadow
Another problem here is that you gave this right to Nginx, a web server. Which, I suppose, runs some web application. And it is very bad idea to have direct access to /etc/shadow
from web application.
This may seem counterproductive, but this is the way all serious systems do such things: they include private secure proxy service which does all security checks and web front end only can talk to this proxy service to have some access to sensitive data or do other sensitive things. For example, this is the way Proxmox VE is built: there is pvedaemon which does dangerous things, and pveproxy (a web server) only talks to pvedaemon when it needs to do such things.
The third problem is that you access this file at all. What you intend to do? This file is a part of PAM suite. What if some system authentication is modified so it is not using a shadow file, or it is moved? You should use PAM library calls which will do all that stuff for you.