The ideal way would be to install gitolite on the central server, because you can then control those ACL from your workstation (by modifying the special admin repo 'gitolite-admin
')
If this isn't possible, then you have to deploy a hook, like a pre-push hook (here is an example) in order to check the remote ref: if it is origin/master, then you can exit with 1 (fail), and that will cancel the push.
But that is a hook that need to be deployed for all the users, which is less convenient than having a centralized access control solution like gitolite.