For example, the passwd file cannot be changed by normal users directly, because 'write' flag is off for every user except 'root':

$ ls -l /etc/passwd
-rw-r--r--    1 root     wheel        1355 Nov  1 21:16 /etc/passwd

However, normal users do need to be able to modify /etc/passwd (at least indirectly) whenever they need to change their password. But, if the user is unable to modify this file, how exactly does this work?