Many Docker images are set up to run under non-root user accounts. Although it is a solid security practice, we occasionally want root access to a container in order to make modifications for debugging or development purposes. Here are some tips on how to obtain it.

To retrieve container PID:

docker inspect --format {{.State.Pid}} <container_name>

To get container shell access as root:

nsenter --target <PID> --mount --uts --ipc --net --pid

That’s it. You should be logged into the container as root.

You could also run it as a one-liner ;)

nsenter --target $(docker inspect --format {{.State.Pid}} <container_name>) --mount --uts --ipc --net --pid

Possible errors

If you get an error like this, try running the nsenter command with sudo.

nsenter: reassociate to namespace 'ns/ipc' failed: Operation not permitted