diff --git a/passwd/acl_security.pl b/passwd/acl_security.pl
index a68503278..31a4a6217 100755
--- a/passwd/acl_security.pl
+++ b/passwd/acl_security.pl
@@ -24,12 +24,15 @@ print &ui_table_row($text{'acl_users'},
" ".&group_chooser_button("groups", 1)."
\n".
&ui_checkbox("sec", 1, $text{'acl_sec'}, $o->{'sec'})."
\n".
$text{'acl_notusers'}." ".
- &ui_textbox("notusers", $o->{'notusers'}, 30)." ".
+ &ui_textbox("notusers", $o->{'notusers'}, 20)." ".
&user_chooser_button("notusers", 1) ],
[ 6, $text{'acl_mode6'},
&ui_textbox("match", $o->{'mode'} == 6 ? $o->{'users'} : "", 20) ],
]), 3);
+print &ui_table_row($text{'acl_self'},
+ &ui_yesno_radio("self", $o->{'self'}), 3);
+
print &ui_table_row($text{'acl_repeat'},
&ui_yesno_radio("repeat", $o->{'repeat'}), 3);
@@ -63,6 +66,7 @@ $o->{'notusers'} = $in{'mode'} == 5 ? $in{'notusers'} : undef;
$o->{'low'} = $in{'low'};
$o->{'high'} = $in{'high'};
$o->{'repeat'} = $in{'repeat'};
+$o->{'self'} = $in{'self'};
$o->{'old'} = $in{'old'};
$o->{'others'} = $in{'others'};
$o->{'expire'} = $in{'expire'};
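Review bot: `$o->{'self'} = $in{'self'};` stores the submitted form value unchanged, although the new check in can_edit_passwd only tests it for truth and defaultacl writes it as `self=0`. Normalising at save time, `$o->{'self'} = $in{'self'} ? 1 : 0;`, would keep the stored ACL to the two values the yes/no radio offers. The neighbouring fields are saved the same way, and the enclosing save routine starts outside the hunk.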
diff --git a/passwd/defaultacl b/passwd/defaultacl
index d410e2670..5b35da5b4 100644
--- a/passwd/defaultacl
+++ b/passwd/defaultacl
@@ -6,3 +6,4 @@ others=2
noconfig=0
expire=1
sec=0
+self=0
diff --git a/passwd/lang/en b/passwd/lang/en
index 170f67525..2cb70eeae 100644
--- a/passwd/lang/en
+++ b/passwd/lang/en
@@ -28,6 +28,7 @@ passwd_ok2=The password for user $1 has been changed successfully.
log_passwd=Changed password for user $1
acl_repeat=Must enter new password again?
+acl_self=Always allow own password to be changed?
acl_old=Must enter old password?
acl_old_this=Only for other users
acl_others=Change password in other modules?
diff --git a/passwd/passwd-lib.pl b/passwd/passwd-lib.pl
index 3a1ec24d1..fe950a163 100755
--- a/passwd/passwd-lib.pl
+++ b/passwd/passwd-lib.pl
@@ -24,6 +24,10 @@ by useradmin::list_users.
=cut
sub can_edit_passwd
{
+if ($access{'self'} && $_[0]->[0] eq $remote_user) {
+ # Self-editing override is enabled
+ return 1;
+ }
if ($access{'mode'} == 0) {
# Can change any
return 1;
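Review bot: The early return added at the top of can_edit_passwd matches the Unix account name in `$_[0]->[0]` against `$remote_user` and returns 1 before any of the mode checks below it, so with `self` enabled it appears to override every other restriction in the ACL for that account. That is only safe if the Webmin login and the Unix account of the same name belong to the same person; where logins are created independently of system accounts, a login that merely shares a name with a system account would be granted the change. I would state that assumption in the POD above the sub and in the inline comment, for example `# Self override: skips all mode checks below; assumes the Webmin login maps to the Unix user of the same name`. The rest of can_edit_passwd lies outside the hunk, so how the later checks interact with this is not visible here.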