Many Docker images are set up to run under non-root user accounts. Although it is a solid security practice, we occasionally want root access to a container in order to make modifications for debugging or development purposes. Here are some tips on how to obtain it.
To retrieve container PID:
docker inspect --format {{.State.Pid}} <container_name>
To get container shell access as root:
nsenter --target <PID> --mount --uts --ipc --net --pid
That’s it. You should be logged into the container as root.
You could also run it as a one-liner ;)
nsenter --target $(docker inspect --format {{.State.Pid}} <container_name>) --mount --uts --ipc --net --pid
Possible errors
If you get an error like this, try running the nsenter
command with sudo.
nsenter: reassociate to namespace 'ns/ipc' failed: Operation not permitted