sudo allows a permitted user to execute a command as root (or another user), as specified by the security policy:

• It reads and parses /etc/sudoers, looks up the invoking user and its permissions,
• then prompts the invoking user for a password (normally the user’s password, but it can as well be the target user’s password. Or it can be skipped with NOPASSWD tag),
• after that, sudo creates a child process in which it calls setuid() to switch to the target user,
• next, it executes a shell or the command given as arguments in the child process above.

Sudoers