Taran,

Can you access the accounts that you need to "su - " to legally?

If yes, then go the "ssh traded keys" route.

On most of our servers, we disable "rsh/remsh". Check it via inetadm or in /etc/inetd.conf.

OR, even though you may not have "root", you can ask your Unix engineers to chown/chmod the script once you have finished writing it.