Old discussion, but just to add that arguably the 'proper' UNIX way of doing this would be using the setuid bit (already used by SAS for sasauth, sasperm and elssrv). That means that if you:
sudo chown root cleanwork
sudo chmod u+s cleanwork
then any subsequent execution of cleanwork will run with root privileges, regardless of the user that executed it. You can then limit who can actually trigger cleanwork using standard UNIX execute permissions.
Running shell scripts as root generally isn't a great idea, which is why the setuid bit functionality is limited to binary executables.
Nik
... View more
