With gitosis, is it possible to specify write permissions so that users can push freely to branches with their own name, but not merge with the master? E.g. $USER/test1 .. $USER/test5

This mean you could host just one repository per project, rather than hosting multiple repositories for the same project, specific to each user:

 project1-user1
 project1-user2
 project1-user3
 ...
 project5-user1
 project5-user2
 project5-user3

Gitosis controls access to repositories, but not by branch or commit. So you could put the master in a repo by itself which had read-only access and let users push their individual branches to another repo ( or one per user, as you say). I haven't seen anyone extend gitosis for finer-grain control.

If you really need to restrict your users' access that much and you want to use Git, then perhaps you should only take patches by e-mail and keep your repo as read-only.

The Gitolite project offers this functionality. It's a rewrite of Gitosis in Perl. Its code can be found on github

When I first wrote this answer, it didn't support gitweb or git-daemon integration, but it does now.

This script seems to do per branch access control:

http://www.kernel.org/pub/software/scm/git/docs/howto/update-hook-example.txt

Gitolite supports permission by branch or tag names quite well.

In the Pro GIT book, this section explains in detail how to set it up and configure per branch access right. Search "Config File and Access Control Rules" within that page.