REVOKE(2) System Calls Manual REVOKE(2)

revokerevoke file access

#include <unistd.h>

int
revoke(const char *path);

The revoke function invalidates all current open file descriptors in the system for the file named by path. Subsequent operations on any such descriptors fail, with the exceptions that a () from a character device file which has been revoked returns a count of zero (end of file), and a () call will succeed. If the file is a special file for a device which is open, the device close function is called as if all open references to the file had been closed.

Access to a file may be revoked only by its owner or the super user. The revoke function is currently supported only for block and character special device files. It is normally used to prepare a terminal device for a new login session, preventing any access by a previous user of the terminal.

A 0 value indicated that the call succeeded. A -1 return value indicates an error occurred and errno is set to indicated the reason.

Access to the named file is revoked unless one of the following:

[]
A component of the path prefix is not a directory.
[]
A component of a pathname exceeded 255 characters, or an entire path name exceeded 1024 characters.
[]
The named file or a component of the path name does not exist.
[]
Search permission is denied for a component of the path prefix.
[]
Too many symbolic links were encountered in translating the pathname.
[]
Path points outside the process's allocated address space.
[]
The named file is neither a character special or block special file.
[]
The caller is neither the owner of the file nor the super user.
[]
The path does not represent a block or character device.
[]
The path represents a block device which is providing the backing for a mounted volume.

close(2)

The revoke function was introduced in 4.3BSD-Reno.

June 4, 1993 macOS 14.4