How To Use docker exec to Run Commands in a Docker Container

Docker is the go-to solution for containerised application development. It provides an efficient and scalable way to deploy and manage software. docker exec is one of the essential commands for interacting with running containers. It allows users to execute commands inside an active container without stopping or restarting it. This capability is crucial for debugging, managing services and performing administrative tasks.

Understanding docker exec

Use the docker exec command to run a process inside an already running container. Docker exec interacts with an existing container, unlike the Docker run command, which starts a new container instance. Use this to inspect containerised applications, troubleshoot issues and execute maintenance tasks inside a running environment.

Basic Syntax

    docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

        OPTIONS: Additional flags to modify the behavior of the command.
        CONTAINER: The name or ID of the target running container.
        COMMAND [ARG...]: The command to execute inside the container, along with any arguments.

Running Simple Commands

A common use case for docker exec is executing basic shell commands inside a container. For example, to check the environment variables inside a running container, you can use:

    docker exec my_container env

This will display all environment variables for the container named my_container.

Similarly, to list files inside the container’s /var/www/html directory, you can run:

    docker exec my_container ls -l /var/www/html

Running an Interactive Shell

One of the most useful features of docker exec is the ability to open an interactive shell session inside a running container. This can be done using the -it flags:

    docker exec -it my_container /bin/bash

        -i (interactive): Keeps the session open for input.
        -t (TTY): Allocates a pseudo-terminal for the session.

For containers using Alpine Linux or minimal distributions, /bin/bash might not be available. Instead, use:

    docker exec -it my_container sh

This interactive session allows you to navigate the container’s file system, inspect processes, and execute commands in real-time.

Executing Commands as a Different User

By default, docker exec runs commands as the root user inside the container. However, you can specify a different user using the -u option. For instance, if the container has a user named developer, you can run commands as that user:

    docker exec -u developer my_container whoami

This helps enforce security policies and prevents accidental modifications to system files inside the container.

Running Background Processes

If you need to execute a command in the background without keeping the terminal session open, you can use:

    docker exec -d my_container some_command

The -d flag runs the command in a detached mode, allowing the container to continue running without waiting for the command’s output.

For example, to start a background process inside a container, you might use:

    docker exec -d my_container nohup some_script.sh &

Checking Logs and Processes

When troubleshooting a container, it’s useful to inspect its logs and running processes. The docker logs command provides access to standard output logs, but docker exec can be used to directly inspect running processes:

    docker exec my_container ps aux

To continuously monitor system activity, you can run:

    docker exec -it my_container top

This command provides real-time CPU and memory usage information for processes running inside the container.

Handling Permissions and Security

Executing commands inside a container should be done cautiously, especially when running as root. Some best practices include:

    - Running commands as a non-root user whenever possible.
    - Using docker exec for troubleshooting and debugging, not regular automation tasks.
    - Ensuring that containers have minimal privileges using Docker security features like seccomp and AppArmor.

Differences Between docker exec and docker attach

It’s important to differentiate between docker exec and docker attach, as they serve different purposes:

    docker exec starts a new process inside an existing container.
    docker attach connects to an already running process inside a container.

For example, docker attach is useful for reconnecting to a container’s main process, while docker exec is better suited for running additional commands inside a container.

Conclusion

Use the docker exec command to interact with running containers. This essential tool enables administrators and developers to execute commands, open shell sessions and troubleshoot applications efficiently. Understand its options and best practices to leverage Docker more effectively for containerised application management.