Why doesn't sudo need password when used in rc.local?

I have added

sh /home/victor/startupAP.sh

into /etc/rc.local and the startupAP.sh contains statement which need sudo:

$ cat startupAP.sh 
#!/bin/bash
sudo hostapd -B /etc/hostapd/hostapd.conf 2>&1 >/home/victor/startupap.log
#sudo ifconfig wlan1 192.168.0.1 netmask 255.255.255.0; sudo dhcpd wlan1 -pf /var/run/dhcp-server/dhcpd.pid; sudo bash -c "echo 1 >/proc/sys/net/ipv4/ip_forward"; sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo ifconfig wlan1 192.168.0.1 netmask 255.255.255.0 2>&1 >>/home/victor/startupap.log
sudo dhcpd wlan1 -pf /var/run/dhcp-server/dhcpd.pid 2>&1 >>/home/victor/startupap.log
sudo bash -c "echo 1 >/proc/sys/net/ipv4/ip_forward" 2>&1 >>/home/victor/startupap.log
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 2>&1 >>/home/victor/startupap.log

If I run this script in the terminal, it needs password,

$ sudo ./startupAP.sh
[sudo] password for victor: 

but if I reboot, this script ran and worked as expected without password, why?


As Javier pointed out in comments, the scripts included in rc.local (and init.d) are run by root and then some of them drops privileges or change users, since running services with the root account is normally a security hole. If you want your script run by root even when calling them manually, you can use the SETUID:

sudo chown root /home/victor/startupAP.sh
sudo chmod +s /home/victor/startupAP.sh

But remember that the setuid is ignored if you use a shebang.