Launchd won't execute a bindfs command

Solution 1:

The bindfs process has to be started with root privileges. Launching it as an agent would prevent this.

So sudo launchctl unload ... and sudo launchctl remove ... (the subcommand remove removes the agent from the launchd database - the file won't get deleted!) the plist, move the plist to /Library/LaunchDaemons/ and reload it with sudo launchctl load ....

A properly named and composed org.user.bindfs.sftpjail.plist would look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>org.user.bindfs.sftpjail</string>
        <key>ProgramArguments</key>
        <array>
                <string>/opt/local/bin/bindfs</string>
                <string>/Volumes/BRIGHTRED/ServedDocuments</string>
                <string>/sftpjail/Documents</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/tmp/org.user.bindfs.sftpjail.err</string>
        <key>StandardOutPath</key>
        <string>/tmp/org.user.bindfs.sftpjail.out</string>
        <key>WatchPaths</key>
        <array>
                <string>/Volumes/BRIGHTRED</string>
        </array>
</dict>
</plist>

The WatchPaths key is often required (it was in my case) to avoid timing problems. You may remove the keys StandardErrorPath/StandardOutPath and their strings after ensuring that everything works properly.
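
The agent-to-daemon move described in the answer above, written out as a dry-run script. This is an added example, not part of the original answer. Assumptions: the source plist path is supplied by the caller (the answer does not say where the agent plist was installed), the file is named <Label>.plist, and the chown/chmod and plutil steps are additions that the answer does not mention.

```shell
#!/bin/sh
# Added example, not from the original answer.
DAEMON_DIR=/Library/LaunchDaemons   # destination named in the answer

# Print the command sequence for moving the plist at "$1" (absolute path,
# supplied by the caller) into DAEMON_DIR and loading it as a daemon.
daemon_plan() {
    src=$1
    case $src in
        /*.plist) ;;
        *) echo "error: expected an absolute path ending in .plist" >&2
           return 1 ;;
    esac
    # The plan may be piped to a shell that calls sudo, so refuse anything
    # outside a conservative character set rather than trying to quote it.
    case $src in
        *[!A-Za-z0-9._/-]*) echo "error: unsupported character in path" >&2
                            return 1 ;;
    esac
    name=$(basename "$src")
    label=${name%.plist}        # assumption: file name is <Label>.plist
    dst=$DAEMON_DIR/$name
    # chown/chmod: launchd refuses daemon plists that are not owned by root
    # or that are writable by group/others; mv alone keeps the old owner.
    cat <<EOF
sudo launchctl unload $src
sudo launchctl remove $label
sudo mv $src $dst
sudo chown root:wheel $dst
sudo chmod 644 $dst
plutil -lint $dst && sudo launchctl load $dst
EOF
}

# Dry run by default: print the plan. Set RUN=1 to execute it.
if [ $# -gt 0 ]; then
    if [ "${RUN:-0}" = 1 ]; then
        daemon_plan "$1" | sh -x
    else
        daemon_plan "$1"
    fi
fi
```

Run it with the current plist path as the only argument to review the commands before executing them with RUN=1.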