difference between docker attach and docker exec
Both will be able to execute commands in container. Both could detach the container.
So what is the real difference between the docker exec and docker attach commands?
2015: There was a commit PR which added to the doc:
Note: This command (
attach) is not for running a new process in a container. See:docker exec.
The answer to "Docker. How to get bash\ssh inside ran container (run -d)?" illustrates the difference:
(docker >= 1.3) If we use
docker attach, we can use only one instance of shell (See Manuel Jordan's answer on that).
So if we want to open a new terminal with new instance of container's shell, we just need to rundocker execif the docker container was started using
/bin/bashcommand, you can access it using attach, if not then you need to execute the command to create a bash instance inside the container usingexec.
As mentioned in this issue:
- Attach isn't for running an extra thing in a container, it's for attaching to the running process.
- "
docker exec" is specifically for running new things in a already started container, be it a shell or some other process.
The same issue adds:
While
attachis not well named, particularly because of the LXC commandlxc-attach(which is more akindocker exec <container> /bin/sh, but LXC specific), it does have a specific purpose of literally attaching you to the process Docker started.
Depending on what the process is, the behavior may be different, for instance attaching to/bin/bashwill give you a shell, but attaching to Redis-server will be like you'd just started Redis directly without daemonizing.
Update 2022: See more with "Containers 101: attach vs. exec - what's the difference?" (Dec. 2021) from Ivan Velichko:
Extract:
Difference between attach and logs
On the diagram above,
docker attachstreams the container's logs back to the terminal.
However, thedocker logscommand does a similar thing.
So, what's the difference?The logs command provides various options to filter the logs while attach in that regard acts as a simple tail.
But what's even more important is that the stream established by the logs command is always unidirectional and connected to the container's logs, not the container's stdio streams directly.The logs command simply streams the content of the container's logs back to your terminal, and that's it.
So, regardless of how you created your container (interactive or non-interactive, controlled by a pseudo-terminal or not), you cannot accidentally impact the container while using the logs command.However, when attach is used:
- If a container was created in the interactive mode (
-i), everything you type in the terminal after attach-ing to the container will be sent to its stdin.- You can (intentionally or accidentally) send a signal to the container - for instance, hitting ctrl+c on your end while attached sends
SIGINTto the container.What does exec command do
The exec command is actually a totally different story.
In the case of attach, we were connecting our terminal to an existing container (read, process).
However, the
execcommandstarts a totally new container!
In other words,execis a form of theruncommand (which itself is just a shortcut forcreate+start).
Bart reminds us in the comments that docker exec runs a new command in a running container. Not a "totally new one".
- Why docker container exits immediately
- The Name of Hyperledger Fabric Test Network is not detected by an Application given in the fabric samples
- What is the difference between alpine docker image and busybox docker image?
- Inspect local image with Skopeo
- FastAPI inside docker stopped receiving any requests after a while
- At least one invalid signature was encountered
- docker build --platform=linux/amd64 fails: ERROR: failed to solve: no match for platform in manifest
- Unable to access hiveserver2 via beeline
- What is the "RECLAIMABLE" space displayed in docker system df?
- Deploying sites on Kubernetes pods and deployment not showing
- PostGIS Installation "could not open extension control file"
- Broken urls in Jekyll in Docker
- Docker Desktop for Windows Dashboard runs but not Docker itself
- You're not authorized to run analysis. Please contact the project administrator Sonarqube local
- Traefik can't connect to ACME Server
- How do I configure Nginx Proxy Manager to proxy an OnlyOffice Document Server Docker container?
- bcrypt and Docker bcrypt_lib.node: invalid ELF header
- How to handle long startup times in Azure App Service deployment
- Why set VISIBLE=NOW in /etc/profile?
- Go App deployment error on redhat openshift. CreateContainerError
- error MSB3073: The command "npm install" exited with code 1
- When pushing to ECS, Docker image errors out with module not found error
- Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock
- docker-compose is installed but docker compose is not recognized
- How to know if a docker container is running in privileged mode
- What is the point of WORKDIR on Dockerfile?
- How to install PHP composer inside a docker container
- Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
- Docker repository server gave HTTP response to HTTPS client
- How can I resolve “server gave HTTP response to HTTPS client”