Issue
Technically a regular user with no access to etc/shadow file, shouldn't be able to change his password, since he does not have the permissions to modify etc/shadow file.
Solution
The "/usr/bin/passwd" file is owned by user "root" and has the SETUID bit set. The process executes "/usr/bin/passwd" with effective user ID 0 (root) and so can change the contents of "/etc/shadow".
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 72424 Mar 3 19:41 /usr/bin/passwd
$ #^ That 's' means the file is executable and has the SETUID bit set.
$ # The mode of the file is 4755.
Answered By - Ian Abbott Answer Checked By - Gilberto Lyons (WPSolving Admin)
