System administration

How to restrict script write permissions (lightweight chroot)?

A simple typical task arose - in a certain directory, delete old backups using a cron script. It seems that I made a script, everything is OK, but there is still a slight jitters. Suddenly I screwed up somewhere, or suddenly a file with a strange name like "file1 file2" appears (and rm -rf file1 file2 will be executed, although they cannot be deleted).

In general, I don’t even want to think (if you think, you can make a mistake), but somehow simply and reliably isolate the script. Something like:

writelimit /home/backups /usr/local/bin/myscript.sh

and be sure that even if the script intentionally deletes everything, it cannot do anything outside /home/backups. In this case, the script can use all utilities from the disk like /usr/bin/find, /usr/bin/rm, which require libraries from /lib and /usr/lib.

Is there something similar? And if not, then in which direction to dig, can this be done through cgroups?