Some LINUX systems do not allow users to change their passwords by using the passwd command. How is this restriction enforced? Is it a good or bad practice? Why?

What will be an ideal response?

This can be done by taking away the execute permission on the /usr/bin/passwd file (the file that contains the executable code for the passwd command) from everyone. In general, it is not a good practice because users should be allowed to change their passwords frequently for security reasons. However, some system administrators do not allow users to change their passwords so that they (the administrators) have to do less work in case the users forget their new (changed) passwords. If a user forgets his/her password, the system administrator only needs to read a file (hard or soft) to locate the initial pair for the user.
Note: On some networked systems you need to use the nispasswd or yppasswd command.