/usr/bin/passwd offers a "safe way" for root to edit /etc/passwd (or shadow). If setuid it allows regular users to change passwd without asking root to do changes for them.
(note: does have learning curve on args to choose)
gnupasswd - gnu change user password
gnugpasswd - gnu change group password
gnupasswd(1) has a goal to work with older login.c/linux and some newer too, also "getpwent" (any glibc).
This is a quick script I wrote to automate a rather inconveniently long sequence of terminal commands to compromise a misconfigured nfs server, and obtain root.
In other words i'm lazy, so I wrote a bash script.
Password is: FELIX
Programmed on kali linux, to use on metasploitable2.