How do you stop a user from committing to a submodule in git?

Let's say you have a parent project and submodule.

There is a user who has read/write permission to the parent project but only read permission for the submodule.

How do you stop the user from making a change to the submodule and committing it and then subsequently committing and pushing the updated reference to this new commit in the parent project?

The user will not be able to push their changes to the submodule as they do not have permission. When another user now pulls down the parent project they will have a reference to a submodule commit that has not been pushed up to the server.

Solution

There are two solutions:

tell your user to use the new --recurse-submodules=check option when pushing
or set up a server-side hook that checks for the new submodule check, in this answer

Migrate from Subversion to git, clone all branches and push through gitolite?
What's the difference between 'git switch' and 'git checkout' <branch>?
Git merge - to squash or not to squash?
Remove a folder from git tracking
Keep handled conflicts when rebasing a repository and the non-linear history
"git blame" a file access control modifier
Is it possible to `git fetch` only specific branches without specifying a full refspec on each invocation?
How to sign out github account in vs code
Git error when trying to push -- pre-receive hook declined
git blame on windows reports "fatal: no such path <path> in HEAD"
Conflict between two git accounts on same system
GitHub Clone with OAuth Access Token
How do I recover a deleted fork in GitHub?
How to safely change github account name?
Adding Git notes to a blob
Can I add metadata to git commits? Or can I hide some tags in gitk
configure Git to accept a particular self-signed server certificate for a particular https remote
Getting `An error has occurred: FatalError: git failed.` when running pre-commit in GitLab pipeline
Git lfs version https://git-lfs.github.com/spec/v1 oid error
GitKraken changes do not show -- disconnected from repo
How to change current branch in git from master to main
Merging a Merge request from command line in GitLab
Git subtree: move subtree to a different directory and pull it
git could not recurse into submodule
Sonarqube: Missing blame information for the following files
How do I list all files with a specific extension in my git repository?
How to link a commit which has been pushed to GitHub to an issue?
How do I navigate in the results of Diff
Ways to improve git status performance
Force add despite the .gitignore file