diff --git a/roles/patrix/defaults/main.yml b/roles/patrix/defaults/main.yml
index a0905b6..d5cbe7e 100644
--- a/roles/patrix/defaults/main.yml
+++ b/roles/patrix/defaults/main.yml
@@ -1,5 +1,6 @@ --- +# Homeserver to connect to (without https://) # patrix_server: # #
@@ -11,6 +12,11 @@ # # patrix_token: # +# Default room where messages will be sent # patrix_room: +# +# If true, patrix will be updated to the latest version available +# Else, ansible will just check if it's installed +patrix_update: False ...
diff --git a/roles/patrix/tasks/install_RedHat.yml b/roles/patrix/tasks/install_RedHat.yml
index 829066f..94587a5 100644
--- a/roles/patrix/tasks/install_RedHat.yml
+++ b/roles/patrix/tasks/install_RedHat.yml
@@ -1,5 +1,9 @@ --- - name: Install patrix - yum: name=patrix + yum: + name: + - patrix + - acl + state: "{{ patrix_update | ternary('latest', 'present') }}" tags: patrix
diff --git a/roles/patrix/tasks/main.yml b/roles/patrix/tasks/main.yml
index 5a37ad5..c8c02a3 100644
--- a/roles/patrix/tasks/main.yml
+++ b/roles/patrix/tasks/main.yml
@@ -3,7 +3,14 @@ - include: install_{{ ansible_os_family }}.yml - name: Deploy patrix config for root user - template: src=patrixrc.j2 dest=/root/.patrixrc mode='600' + template: src=patrixrc.j2 dest=/etc/patrixrc mode='600' tags: patrix +- name: Set ACL on patrixrc config + shell: | + setfacl -b /etc/patrixrc + setfacl -m {% for group in system_admin_groups %}g:{{ group }}:r{{ ',' if not loop.last }}{% endfor %} /etc/patrixrc + when: system_admin_groups is defined and system_admin_groups | length > 0 + changed_when: False + tags: patrix ...
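Review bot: The comment added above `patrix_update` in the second hunk of `defaults/main.yml` says Ansible "will just check if it's installed", but the install task maps the false case to `state: present`, which installs the package when it is missing. I would word it as `# Otherwise the package is only installed if missing and never upgraded`. As a style point, the default is better written `patrix_update: false`, the canonical lowercase boolean.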
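Review bot: The new `state:` expression in `install_RedHat.yml` feeds `patrix_update` straight into `ternary`, so a value that arrives as a string (for example `-e patrix_update=false` on the command line) is a non-empty string, counts as true and selects `latest`. Casting first avoids the surprise upgrade: `state: "{{ patrix_update | bool | ternary('latest', 'present') }}"`. The same `state` now also applies to `acl`, so enabling the switch moves that package to the newest repository version as well; if only patrix is meant to track `latest`, `acl` belongs in a separate task with `state: present`.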
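Review bot: The `setfacl -m` line in the new `Set ACL on patrixrc config` task interpolates each `system_admin_groups` entry into a `shell:` command without quoting, so a group name containing whitespace or shell metacharacters changes the command that runs (presumably as root); `g:{{ group | quote }}:r` closes that, and the `acl` module would avoid the shell altogether. The file now lives at `/etc/patrixrc` and, going by the defaults file, holds `patrix_token`, so the task name `Deploy patrix config for root user` no longer describes who can read it. Because the task is skipped when `system_admin_groups` is empty or undefined, `setfacl -b` never runs in that case and entries granted on an earlier run are not explicitly removed. With `changed_when: False`, a change to the list of groups allowed to read the token never shows up in the play output.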