Container Interaction
Once a container is running, you need ways to interact with it -- run commands inside it, watch its output in real time, or move files in and out. This lesson covers the essential tools: docker exec, docker attach, docker cp, docker top, and docker diff.
Executing Commands (docker exec)
docker exec runs a new process inside a running container. The container's main process (PID 1) is unaffected.
Interactive Shell
# Bash shell (Debian/Ubuntu images)
docker exec -it my-container bash
# sh shell (Alpine / minimal images)
docker exec -it my-container sh
One-Off Commands
# Check environment variables
docker exec my-container env
# List files
docker exec my-container ls -lah /app
# Check running processes
docker exec my-container ps aux
# Read a config file
docker exec my-container cat /etc/nginx/nginx.conf
# Test DNS resolution
docker exec my-container nslookup database
# Check disk usage inside the container
docker exec my-container df -h
Exec Options
| Flag | Purpose | Example |
|---|---|---|
-i | Keep STDIN open (interactive) | docker exec -i app cmd |
-t | Allocate pseudo-TTY | docker exec -t app cmd |
-it | Interactive shell (both flags) | docker exec -it app bash |
-d | Run in background (detached) | docker exec -d app cleanup.sh |
-u | Run as specific user | docker exec -u root app apt update |
-w | Set working directory | docker exec -w /app app ls |
-e | Set environment variable | docker exec -e DEBUG=1 app cmd |
Use -u root when you need to install debugging tools temporarily. But never rely on changes made inside a running container -- they are lost on restart.
Attaching to Containers (docker attach)
docker attach connects your terminal to the container's main process (PID 1). Unlike exec, it does not start a new process.
docker attach my-container
Exec vs Attach
flowchart TD
subgraph exec_flow["docker exec -it bash"]
A["Container PID 1: nginx"] --> B["New process: bash (PID 42)"]
B --> C["Your terminal connected to bash"]
end
subgraph attach_flow["docker attach"]
D["Container PID 1: nginx"] --> E["Your terminal connected to PID 1"]
end
style exec_flow fill:#e3f2fd,stroke:#1565c0
style attach_flow fill:#fff3e0,stroke:#ef6c00
| Feature | docker exec | docker attach |
|---|---|---|
| Creates new process | ✅ Yes | ❌ No |
| Connects to | New process | PID 1 (main process) |
| Exiting kills container? | ❌ No | ⚠️ Yes (if PID 1 exits on Ctrl+C) |
| Multiple sessions | ✅ Independent | ❌ Same stream |
| Best for | Debugging, running commands | Viewing live output of main process |
Detach Without Stopping
To disconnect from attach without stopping the container, use the detach sequence:
Ctrl+P, then Ctrl+Q
If you press Ctrl+C while attached, it sends SIGINT to PID 1. For most applications, this stops the container. Always use Ctrl+P, Ctrl+Q to safely detach.
Copying Files (docker cp)
docker cp copies files between the host filesystem and a container. It works on running or stopped containers.
Host → Container
# Copy a config file into a container
docker cp nginx.conf my-container:/etc/nginx/nginx.conf
# Copy an entire directory
docker cp ./config/ my-container:/app/config/
Container → Host
# Copy a log file out
docker cp my-container:/var/log/nginx/error.log ./error.log
# Copy an entire directory
docker cp my-container:/app/data/ ./backup/
Common Use Cases
| Scenario | Command |
|---|---|
| Hot-patch a config file | docker cp new.conf app:/etc/app/config.conf followed by docker exec app nginx -s reload |
| Extract crash logs | docker cp app:/var/log/app.log ./crash.log |
| Copy database dump out | docker cp db:/tmp/dump.sql ./dump.sql |
| Inject test data | docker cp testdata/ app:/app/fixtures/ |
docker cp is great for debugging, but for persistent file access in production, use volumes instead. Changes made via docker cp exist only in the container's writable layer and are lost when the container is removed.
Inspecting Processes (docker top)
docker top shows the processes running inside a container, similar to the ps command on the host:
docker top my-container
Output:
UID PID PPID C STIME TTY TIME CMD
root 1234 1233 0 10:30 ? 00:00:05 nginx: master process
nginx 1250 1234 0 10:30 ? 00:00:02 nginx: worker process
nginx 1251 1234 0 10:30 ? 00:00:02 nginx: worker process
Custom Format
# Show PID, memory, and CPU usage
docker top my-container -o pid,rss,pcpu,comm
Tracking Filesystem Changes (docker diff)
docker diff shows what files have been added, changed, or deleted in the container's writable layer compared to the original image:
docker diff my-container
Output:
C /var # Changed
C /var/log
A /var/log/app.log # Added
C /etc
C /etc/nginx
C /etc/nginx/nginx.conf # Changed
D /tmp/setup.lock # Deleted
| Symbol | Meaning |
|---|---|
A | Added |
C | Changed |
D | Deleted |
This is useful for understanding what a running container has modified -- helpful when debugging unexpected behavior or auditing changes.
Debugging Workflow: Combining Tools
When investigating a misbehaving container, use these tools together:
# 1. Check what processes are running
docker top my-container
# 2. See what files have changed
docker diff my-container
# 3. Get into the container to investigate
docker exec -it my-container sh
# 4. Check logs from inside
docker exec my-container cat /var/log/app/error.log
# 5. Copy evidence out for analysis
docker cp my-container:/var/log/app/ ./debug-logs/
Key Takeaways
docker execruns a new process inside a running container -- use it for shells, one-off commands, and debugging.docker attachconnects to the main process (PID 1) -- useCtrl+P, Ctrl+Qto detach safely.docker cpcopies files between host and container -- works on running and stopped containers.docker topshows running processes;docker diffshows filesystem changes.- Prefer
execoverattachin most situations to avoid accidentally stopping the container.
What's Next
- Continue to Environment Variables to learn how to configure containers with environment settings.