Hello, i have the following setup on my server: Suse 8.2 Professional as operating system and RSBAC and Pax as security enhancements. As server programs I have apache, mysql and samba installed and RSBAC configured accordingly. So far the system works fine. In order to prevent that some bad guy - who has somehow acquired root privileges - from changing the password of the RSBAC "security-officer", logging in as him and deactivating RSBAC, I wanted to "move" the right of changing password to a seperate user, creating a "password officer". For that I created a seperate "RC_FD" (filetype definition in the role based access model) for /etc/passwd and /etc/shadow, so I can define, which user shall have read-write access on them. Up to that point I have got it working. The problem is now, that passwd only allows root to change passwords from other users. With the tools of RSBAC I could persuade passwd to accept an other user as system administrator, as substitute for root. Is there a way, to get passwd accepting an other user as entitled to changing other users passwords ? Thank you very much in advance. With best regards. Patrique Wolfrum