In general normal user don’t have access to /etc/shadow file as this file have 400 permission but still normal user can modify this file while changing his password. Following explanation will help you to solve this doubt.
[root@afzalkhan ~]#which passwd
/usr/bin/passwd
[root@afzalkhan ~]#ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 27768 Feb 6 2012 /usr/bin/passwd
The permission on command binary /usr/bin/passwd is 4755 mean any user can execute it and suid is set on it mean, it must be executed as root it’s dose not matter who is executing it, and root have authority to update any file .