diff --git a/safeacl b/safeacl
new file mode 100644
index 000000000..88ba31c7e
--- /dev/null
+++ b/safeacl
@@ -0,0 +1,5 @@
+root=
+fileunix=
+feedback=0
+rpc=0
+negative=0
diff --git a/webminlog/acl_security.pl b/webminlog/acl_security.pl
index 4e4e06455..e45a339fa 100755
--- a/webminlog/acl_security.pl
+++ b/webminlog/acl_security.pl
@@ -6,13 +6,15 @@ do 'webminlog-lib.pl';
 # Output HTML for editing security options for the acl module
 sub acl_security_form
 {
+my ($o) = @_;
+
 # Allowed modules
 print &ui_table_row($text{'acl_mods'},
-	&ui_radio("mods_def", $_[0]->{'mods'} eq "*" ? 1 : 0,
+	&ui_radio("mods_def", $o->{'mods'} eq "*" ? 1 : 0,
 		  [ [ 1, $text{'acl_all'} ],
                     [ 0, $text{'acl_sel'} ] ])."<br>\n".
 	&ui_select("mods",
-		   [ split(/\s+/, $_[0]->{'mods'}) ],
+		   [ split(/\s+/, $o->{'mods'}) ],
 		   [ map { [ $_->{'dir'}, $_->{'desc'} ] }
 			 &get_all_module_infos() ],
 		   10, 1),
@@ -20,26 +22,31 @@ print &ui_table_row($text{'acl_mods'},
 
 # Allowed users
 print &ui_table_row($text{'acl_users'},
-	&ui_radio("users_def", $_[0]->{'users'} eq "*" ? 1 : 0,
+	&ui_radio("users_def", $o->{'users'} eq "*" ? 1
+			       $o->{'users'} eq "~" ? 2 : 0,
 		  [ [ 1, $text{'acl_all'} ],
+		    [ 2, $text{'acl_self'} ],
 		    [ 0, $text{'acl_sel'} ] ])."<br>\n".
 	&ui_select("users",
-		   [ split(/\s+/, $_[0]->{'users'}) ],
+		   [ split(/\s+/, $o->{'users'}) ],
 		   [ map { $_->{'name'} } &acl::list_users() ],
 		   10, 1),
 	3);
 
 # Rollback
 print &ui_table_row($text{'acl_rollback'},
-	&ui_yesno_radio("rollback", $_[0]->{'rollback'}));
+	&ui_yesno_radio("rollback", $o->{'rollback'}));
 }
 
 # acl_security_save(&options)
 # Parse the form for security options for the acl module
 sub acl_security_save
 {
-$_[0]->{'mods'} = $in{'mods_def'} ? "*" : join(" ", split(/\0/, $in{'mods'}));
-$_[0]->{'users'} = $in{'users_def'} ? "*" : join(" ", split(/\0/,$in{'users'}));
-$_[0]->{'rollback'} = $in{'rollback'};
+my ($o) = @_;
+$o->{'mods'} = $in{'mods_def'} ? "*" : join(" ", split(/\0/, $in{'mods'}));
+$o->{'users'} = $in{'users_def'} == 1 ? "*" :
+		$in{'users_def'} == 2 ? "~" :
+			join(" ", split(/\0/,$in{'users'}));
+$o->{'rollback'} = $in{'rollback'};
 }
 
diff --git a/webminlog/safeacl b/webminlog/safeacl
new file mode 100644
index 000000000..4e0016e07
--- /dev/null
+++ b/webminlog/safeacl
@@ -0,0 +1,2 @@
+rollback=0
+users=~
diff --git a/webminlog/webminlog-lib.pl b/webminlog/webminlog-lib.pl
index ea2b6fb30..f8adf6422 100755
--- a/webminlog/webminlog-lib.pl
+++ b/webminlog/webminlog-lib.pl
@@ -315,7 +315,10 @@ Returns 1 if the current Webmin user can view log entries for the given user.
 =cut
 sub can_user
 {
-return $access_users{'*'} || $access_users{$_[0]};
+my ($user) = @_;
+return $access_users{'*'} ||
+       $access_users{'~'} && $user eq $remote_user ||
+       $access_users{$user};
 }
 
 =head2 can_mod(module)
@@ -325,7 +328,8 @@ Returns 1 if the current Webmin user can view log entries for the given module.
 =cut
 sub can_mod
 {
-return $access_mods{'*'} || $access_mods{$_[0]};
+my ($mod) = @_;
+return $access_mods{'*'} || $access_mods{$mod};
 }
 
 =head2 get_action(id)