Taran,
Can you access the accounts that you need to "su - " to legally?
If yes, then go the "ssh traded keys" route.
On most of our servers, we disable "rsh/remsh". Check it via inetadm or in /etc/inetd.conf.
OR, even though you may not have "root", you can ask your Unix engineers to chown/chmod the script once you have finished writing it.