You won't be able to restrict root from doing anything; if you think about it, doing so could lead to some real trouble if something needs dealing with. Also, only a few people, all administrators, should have any access whatsoever to the root account; if you do have folk that require some access to some privileged commands, that's what sudo is for (minimum grants to non-root users).
Too, there really isn't much need to restricting users ability for changing their own passwords -- you may want to require periodic password changes (that's good practice), but there is no reason to not permit a user's changing their own password every hour if they feel like it (it's their password, why should anybody else give a hoot if they change it?). The root user can, at any time, change any password on the system so there really is no need to restrict users password changes.
If you have a situation where a group of users are working on a project, that's where you want to use group permissions (not group passwords though) to permit each member access to a common directory tree's content. You control who has what access by adding or deleting individual users to a group.
Hope this helps some.