Greetings, We have Linux based Bitbucket and Bamboo installations, where for instance the bamboo service is started by a user "bambooadmin". This works well for most basic repository accesses, builds and compiles in our unrestricted environment of code development. However, we have certain software repositories that require restricted user rights and when bamboo checks out from Bitbucket repositories, it does so as the Linux user bambooadmin. For security purposes, we cannot use a generic username and ideally we do not want a generic user with access to both restricted and unrestricted areas. We also have back-end processes that require the Bitbucket committing user to execute a specific script which will ideally be automated as the bamboo builder.
Without creating a custom plugin or extensive build plan scripts, is there a way to define which user Bamboo builds as? Such that bambooadmin either builds using the committing Bitbucket / Bamboo username credentials (Crowd/LDAP) or sudos (restricted by SSH keys) to the committing username?
All right so it seems you've got 2 questions in one here.
Let's split them up:
However, we have certain software repositories that require restricted user rights and when bamboo checks out from Bitbucket repositories, it does so as the Linux user bambooadmin. For security purposes, we cannot use a generic username and ideally we do not want a generic user with access to both restricted and unrestricted areas.
Why would you want this? Bamboo is a generic utility. It will check out the code and store it on disk (and more than likely the code will stay on disk until wiped). What's your SCM (not sure if you're using Bitbucket Cloud)? If it's git you can maybe use Bamboo-specific SSH keys? That way the Bamboo user has access to the repositories and it can be tracked through that?
I would not use sudo from the bamboo user or other ways of sharing credentials since that's just opening up a huge security hole (anyone that can become the bamboo user can then access your repositories - or worse - become the real users).
We also have back-end processes that require the Bitbucket committing user to execute a specific script which will ideally be automated as the bamboo builder.
Again this is a security hole waiting to happen. Git and Mercurial both will allow somebody to inject other usernames into the history, so somebody could potentially push somebody else's name into the history that could trigger things. In addition to this, you might have multiple people doing commits in a history, which would make automation difficult. That said - you are given the previous and current SHA in the metadata so you could pass them in. But from a security perspective I wouldn't trust it too much. If you're using it to generate release notes and that type of thing you'll probably be safe, but if you're changing users etc. - it might be a bit scary (you mentioned security).
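To illustrate the "previous and current SHA" point above while treating the author name as untrusted input, here is an added example (not from this thread, Atlassian, or Bamboo itself). It assumes a git checkout and that the two revisions are passed in as arguments, for instance from the Bamboo variables bamboo.planRepository.previousRevision and bamboo.planRepository.revision; it fails closed when the range contains more than one author name, and never uses that name to choose credentials or privileges.

```shell
#!/bin/sh
# Build-step helper: list the distinct author names between two revisions.
# The author string is whatever the committer typed into git config, so it is
# informational only; a build must not derive its identity or rights from it.

# Usage: range_authors <repo_dir> <previous_sha> <current_sha>
# An empty previous SHA (first build of a plan) means "everything up to current".
range_authors() {
    if [ -n "$2" ]; then range="$2..$3"; else range="$3"; fi
    git -C "$1" log --format='%an' "$range" | sort -u
}

# Print the single author name for the range and return 0, or return 1 when
# the range is ambiguous (zero or several authors) so the build step stops.
single_author_or_fail() {
    authors=$(range_authors "$1" "$2" "$3")
    count=$(printf '%s\n' "$authors" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "refusing to automate: $count distinct author names in range" >&2
        return 1
    fi
    echo "$authors"   # caller-supplied metadata, not a verified identity
}

# Constructed demo repository (not real project data): two empty commits whose
# author names are set on the command line, which is all it takes to put any
# name into a git history.
make_demo_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    git -C "$dir" -c user.name='Alice Example' -c user.email='alice@example.invalid' \
        commit -q --allow-empty -m 'first'
    git -C "$dir" -c user.name='Bob Example' -c user.email='bob@example.invalid' \
        commit -q --allow-empty -m 'second'
    echo "$dir"
}
```

Running it on the demo repository shows one author for the range ending at the second commit and a refusal for the full history, which has two.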