My apologies, I didn't provide the rest of the documentation where we tried without quotes:

[user@houlenv0 ~]$ ksu root -e ls /root
Authenticated user
Account root: authorization for user for execution of
               ls successful
Changing uid to root (0)
ksu: Permission denied while trying to execv ls


And then with single quotes just in case:

[user@houlenv0 ~]$ ksu root -e 'ls /root'
Authenticated user
Account root: authorization for user for execution of
               ls /root successful
Changing uid to root (0)
ksu: Permission denied while trying to execv ls /root



BUT specifying the full path of the command does work:

[user@houlenv0 ~]$ ksu -e /bin/ls /root
Authenticated USER
Account root: authorization for USER for execution of
               /bin/ls successful
Changing uid to root (0)
anaconda-ks.cfg


So from "man ksu":
   -e command [args ...]
        ksu  proceeds  exactly the same as if it was invoked without the
        -e option, except instead of executing  the  target  shell,  ksu
        executes the specified command. Example of usage:

            ksu bob -e ls -lag

         ...

        The commands listed after the principal name must  be  either  a
        full  path  names or just the program name.  In the second case,
        CMD_PATH specifying the location of authorized programs must  be
        defined at the compilation time of ksu.  Which command gets exe‐
        cuted?


We will check their CMD_PATH.