[sh-run]

Yep, finding and modifying a script that runs with root privileges, but is writable by non-root users is the oldest privesc trick in the book.

With the proper permissions something like this should be ok, but I'd tread lightly. Especially with something that dynamically updates your hosts file.

[anned20]

It won't be able to run if the user that is running it doesn't have the proper privileges. You could even protect the files by giving them other permissions so only the root user can use them.

[sh-run]

Above you mentioned setting this up as a scheduled job. In this case the job would need to run as root (or you'd need to assign the appropriate permissions in the sudoers file, but people are lazy). If a non-root user had write privileges to the file, they could modify the script and thereby gain root code execution.

Naturally it's on the user to properly configure the permissions.

I'm not saying this isn't a worthy project, I'm just adding to the discussion on why people should be cautious when running scripts with root permissions.