I've been noticed that normal users can change their own passwords without sudo. But as far as i know, to change password has to write the /etc/shadow file which is accessible only by root.
How does that happen??
The passwd program in installed setuid root:
$ ls -l `which passwd`
-rwsr-xr-x 1 root root 41284 Sep 12 2012 /usr/bin/passwd
Note the s in the fourth position. This is a flag that can be set in the file permissions that tells Linux to assume the privileges of the user that owns the executable when it is run - in this case, root.