docker-container-exec

Enter an interactive shell session on an already-running container

$ docker [[exec|container exec]] [[-it|--interactive --tty]] [container_name] [/bin/bash]

$ docker [[exec|container exec]] [[-d|--detach]] [container_name] [command]

$ docker [[exec|container exec]] [[-it|--interactive --tty]] [[-w|--workdir]] [path/to/directory] [container_name] [command]

$ docker [[exec|container exec]] [[-i|--interactive]] [[-d|--detach]] [container_name] [command]

$ docker [[exec|container exec]] [[-it|--interactive --tty]] [[-e|--env]] [variable_name]=[value] [container_name] [/bin/bash]

$ docker [[exec|container exec]] [[-u|--user]] [user] [container_name] [command]

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

-d, --detach
    Run command in background, detach from output

-i, --interactive
    Keep STDIN open even if not attached

-t, --tty
    Allocate a pseudo-TTY for interactive use

-u, --user USER[:GROUP]
    Run as specific user or UID (non-root)

-w, --workdir DIR
    Set working directory inside container

-e, --env KEY=VAL
    Set single environment variable

--env-file FILE
    Read environment variables from file

--privileged
    Grant extended host privileges (use cautiously)

--detach-keys CTRL-P,CTRL-Q
    Escape sequence for detaching interactive sessions

docker exec runs a command inside a running container, providing shell access or executing scripts for debugging, inspection, or maintenance.

It leverages the container's namespaces and mounts, executing the command as a child process under the Docker daemon. Containers must be running (docker ps to verify); stopped ones require docker start first.

Common use cases include entering a shell (docker exec -it container /bin/bash), checking logs (docker exec container tail /var/log/app.log), or installing packages temporarily. Options like -i -t enable interactive TTY sessions mimicking local terminals. Environment variables, user switching, and working directory changes enhance flexibility.

Security note: Runs as root by default; use -u for non-privileged execution. Privileged mode (--privileged) grants host capabilities but increases risk. Output streams to the calling terminal unless detached.

Container must be running; fails silently if not. Default root execution poses security risks. Detached mode (-d) hides errors unless logs checked. Not for creating/stopping containers.

docker exec -it nginx /bin/bash — Enters bash shell in 'nginx' container.
docker exec -it db psql -U postgres — Connects to PostgreSQL.

docker exec nginx curl localhost — Runs curl inside container.
docker exec -d app tail -f /var/log/app.log — Background log tailing.

Introduced in Docker 1.3.0 (2014) for runtime execution. Enhanced in 1.12+ with swarm support; options like --env-file added later for better env management.

docker(1), docker-run(1), docker-start(1), runc-exec(8)