Calling sudo without -u defaults to running as root. So, logging as
foobar and doing sudo runs the command as root, which works because
only root can bind to ports less than 1024 (or thereabouts).
On the other hand, logging in as you and running sudo -u foobar runs
the command as foobar, and
That does make sense. I think I was getting confused by the fact that
sudo was invoking the command as foobar, which somehow made me think
foobar was executing the command with sudo privileges. Bzzt.
I fixed this with an override of the deploy:restart task that removes
the -u from the sudo