Prohibit remote pushing to the master branch in git

Question

Is there any way to modify central repository's configuration to disallow any remote pushing to master branch (using git)? It would only be updated via branch merging by a release owner.

It is possible to do in child repositories but unfortunately it's not always fool-proof enough, easy to forget to do it on new machine - no way to protect from accidental pushes. Developers should be able to pull from any branch and push back to any branch, except for master, which we want to see as read-only. Is it possible with git? Or we are trying a wrong workflow.

Update tl;dr: thanks to Charles Bailey, the answer is checking out master and adding the following config:

receive.denyCurrentBranch = true

Answer 1

You should take a look at the sample update hook called update-paranoid in the contrib directory of the git distribution. It allows you to set up per-branch ACLs restricting who is allowed to push to which branches. This way you can restrict updating master to just release owners.

I'm not quite sure what you mean by "only updated via branch merging". I'm assuming that your central repository is bare, in which case branches are usually only updated by a push. There's no conceptual difference in git between pushing a commit that is a merge and one that isn't so I'm not sure what your criteria for restricting the type of update for master is intended to be.

In the case that you are pushing to a non-bare central repository and master is always the checked out branch then you can simply set the config variable receive.denyCurrentBranch to true or refuse.