docker-exec

Enter an interactive shell session on an already-running container

$ docker exec [[-it|--interactive --tty]] [container_name] [/bin/bash]

$ docker exec [[-d|--detach]] [container_name] [command]

$ docker exec [[-it|--interactive --tty]] [[-w|--workdir]] [path/to/directory] [container_name] [command]

$ docker exec [[-i|--interactive]] [[-d|--detach]] [container_name] [command]

$ docker exec [[-it|--interactive --tty]] [[-e|--env]] [variable_name]=[value] [container_name] [/bin/bash]

$ docker exec [[-u|--user]] [user] [container_name] [command]

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

-d, --detach
    Detach from the container and run the command in the background.

--detach-keys string
    Override the key sequence for detaching a container.

-e, --env list
    Set environment variables inside the container.

--env-file list
    Read in a line delimited file of environment variables.

-i, --interactive
    Keep STDIN open even if not attached.

--privileged
    Give extended privileges to the command.

-t, --tty
    Allocate a pseudo-TTY.

-u, --user string
    Username or UID (format: [:])

-w, --workdir string
    Working directory inside the container.

docker exec allows you to run arbitrary commands inside a running Docker container. This is useful for debugging, inspecting the container's environment, or running administrative tasks. The command is executed within the container's namespace and filesystem, providing a direct interaction with the containerized application. You can specify a user to execute the command as, control the working directory, and interact with the command's standard input, output, and error streams. It's important to understand the security implications of running commands inside a container, particularly when using privileged access or running as the root user. It's also crucial to ensure the container is in a running state for the docker exec command to function correctly.

The container must be in a running state for `docker exec` to work. Attaching to a stopped container will result in an error. Be mindful of the user context in which the command is being executed, particularly if you're running as root. Commands executed via `docker exec` run within the container's network namespace, potentially exposing the container to external networks if the command opens network connections. Incorrect usage may result in unexpected behavior or security vulnerabilities.

When using the `-it` flags, the command will run interactively within the container, allowing you to interact with it directly. The `-d` flag, on the other hand, will detach the command and run it in the background. Choose the mode that best fits your use case.

Be cautious when using `--privileged`, as it grants the command extended privileges, potentially compromising the security of the host system. Always use the principle of least privilege and only grant the necessary permissions.

The `docker exec` command was introduced as part of Docker's evolution to provide more interactive and administrative capabilities within running containers. It allows developers and operators to inspect, debug, and manage containers without having to rebuild images or restart containers. This capability has become a core part of the Docker ecosystem, facilitating more efficient development and operations workflows.

docker(1), docker-run(1), docker-attach(1)