Thanks! This looks like a technique that will fit the situation very well. sudo is a swiss army setuid wrapper tool, and I should have read the sudoers man page after reading the sudo man page. This way, the code stays essentially the same, and we retain the excellent logging/auditing capabilities of sudo.