sudo does NOT automatically grant privs if the user password is correct.
It will always request the user password, THEN verify whether it is appropriate for the user to attain privileges (as per the /etc/sudoers file, as edited with visudo by the root user). If the user fails to get privs, it is logged and, if configured, the administrator gets an email.
This method offers some type of security in that you cannot tell what privs the user has unless the user enters the proper account password.
Thus, if the user is NOT in the sudoers file, then unless the user has the root password and uses the su command, the user cannot acquire superuser privs. There are ways to protect this type of access as well.
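
The logging of failed attempts described above, as an added example that is not part of the original post: a Python parser that pulls denied sudo requests out of syslog-style lines and groups them by user. The sample log lines are constructed, and the function names `parse_denials` and `summarize` are hypothetical.

```python
import re

# Constructed sample lines in the syslog format sudo uses (not taken from a real host).
SAMPLE_LOG = """\
Mar  3 09:14:02 web01 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 09:15:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 09:17:11 web01 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Mar  3 09:20:05 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Mar  3 09:21:00 web01 sshd[812]: Accepted publickey for bob from 192.0.2.10 port 50022 ssh2
"""

# "sudo: <user> : <field> ; <field> ; ..." with an optional [pid] after the tag.
LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")

# A denied request carries a reason as its first field; an allowed one starts at TTY=.
DENIALS = {
    "not_in_sudoers": re.compile(r"^user NOT in sudoers$"),
    "command_not_allowed": re.compile(r"^command not allowed$"),
    "bad_password": re.compile(r"^\d+ incorrect password attempts?$"),
}

def parse_denials(log_text):
    """Return one dict per denied sudo request found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a sudo line
        fields = [f.strip() for f in m.group("rest").split(" ; ")]
        reason = next((k for k, rx in DENIALS.items() if rx.match(fields[0])), None)
        if reason is None:
            continue  # allowed command, nothing to report
        kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        events.append({"user": m.group("user"), "reason": reason,
                       "target": kv.get("USER"), "command": kv.get("COMMAND")})
    return events

def summarize(events):
    """Map each user to the list of denial reasons seen, in log order."""
    counts = {}
    for e in events:
        counts.setdefault(e["user"], []).append(e["reason"])
    return counts

if __name__ == "__main__":
    for user, reasons in summarize(parse_denials(SAMPLE_LOG)).items():
        print(user, reasons)
```
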