The passwd program and others like it are owned by root, and have the setuid bit set, so when you run it, it is running as root. Hence, it is able to update /etc/shadow when you change your password, etc.
What about my answer do you not understand? I thought I was pretty clear... Anyway, here is some further explanation of what I said.
When a user runs a program, they typically run in the user's account, with the user's privileges. The root user has full administrative access to the computer - it can do anything, access any file, etc. There are a number of attributes associated with all files on Linux, such as readable, writeable, executable, and a couple of other more subtle ones, such as the setuid attibute bit. All files/directories have an associated owner and group. There are bits that represent the readble, writeable, and execute attributes for each file and directory, for the owner as well as the group. What setuid means is that when the program is run, the program runs with the privileges of the owner, not the user running it. Since root owns the passwd program, when a regular user runs it, it is as though root was running it. Root also owns and has read+write permissions on /etc/shadow where the passwords are stored, so the passwd program can change your own user settings when you change your password. One way that the admin can make it so that no user can change their password is to remove the setuid bit on the /usr/bin/passwd program (NOT recommended).
I don't know if I can make it any clearer than that.