Multiple commands in Docker CMD directive

Not understanding what is happening when I try to execute two commands at runtime via CMD directive in `Dockerfile. I assumed that this should work:

CMD ["/etc/init.d/nullmailer", "start", ";", "/usr/sbin/php5-fpm"]

But it's not working. Container has not started. So I had to do it like this:

CMD ["sh", "-c", "/etc/init.d/nullmailer start ; /usr/sbin/php5-fpm"]

I don't understand. Why is that? Why first line is not the right way? Can somebody explain me these "CMD shell format vs JSON format, etc" stuff. In simple words.

Just to note - the same was with command: directive in docker-compose.yml, as expected.

I believe the difference might be because the second command does shell processing while the first does not. Per the official documentation, there are the exec and shell forms. Your first command is an exec form. The exec form does not expand environment variables while the shell form does. It is possible that by using the exec form the command is failing due to its dependence on shell processing. You can check this by running docker logs CONTAINERID

Your second command, the shell form, is equivalent to -

CMD /etc/init.d/nullmailer start ; /usr/sbin/php5-fpm

Excerpts from the documentation -

Note: Unlike the shell form, the exec form does not invoke a command shell. This means that normal shell processing does not happen. For example, CMD [ "echo", "$HOME" ] will not do variable substitution on $HOME. If you want shell processing then either use the shell form or execute a shell directly, for example: CMD [ "sh", "-c", "echo", "$HOME" ].

Don't make it hard on yourself. Just create a bash file "":


/usr/bin/command2 param1

in your Dockerfile do:

RUN chmod +x /

CMD ["/"]

The json syntax of CMD (and RUN and ENTRYPOINT) pass the arguments to the kernel directly as an exec syscall. There is no separating of the command from the arguments by spaces, escaping of quotes, IO redirection, variable substitution, piping between commands, running multiple commands, etc, in the exec syscall. The syscall only takes the executable to run and list of arguments to pass to that executable, and it runs it.

Characters like $ to expand variables, ; to separate commands, (space) to separate arguments, && and || to chain commands, > for output redirection, | to pipe between commands, etc, are all features of the shell and need something like /bin/sh or /bin/bash to interpret and implement them.

If you switch to the string syntax of CMD, docker will run your command with a shell:

CMD /etc/init.d/nullmailer start ; /usr/sbin/php5-fpm

Otherwise, your second syntax does the exact same thing:

CMD ["sh", "-c", "/etc/init.d/nullmailer start ; /usr/sbin/php5-fpm"]

Note that I do not recommend running multiple commands this way inside of a container since there is no error handling if your first command fails, especially if it runs in the background. You also leave a shell running as pid 1 inside the container which will break signal handling, resulting in a 10 second delay and ungraceful kill of your container by docker. The signal handling can be mitigated by using the shell exec command:

CMD /etc/init.d/nullmailer start ; exec /usr/sbin/php5-fpm

However, handling processes silently failing in the background requires you switch to some kind of multi-process manager like supervisord, or preferably breakup your application into multiple containers and deploy them with something like docker-compose.

I guess first command fails because in DOCKER CMD form, only the first parameter is executed, the rest is fed into this command.

The second form works because all commands seperated with ";" are fed into sh command, which executes them.

For example, imagine you have two python commands to run python and python Then using CMD, you can combine the two commands with the single command

CMD python ; python

In Docker compose, this can be done as the following example:

command: ["sh", "-c", "
    apt update && apt install -y libldap-common;
    cp /ca.crt /usr/local/share/ca-certificates/;
    exec apache2-foreground

The exec will switch the context of the main executable to apache2-forground.

I don't think you should put semi comma after "start"

instead of using

CMD ["/etc/init.d/nullmailer", "start", ";", "/usr/sbin/php5-fpm"]


CMD ["/etc/init.d/nullmailer", "start", "/usr/sbin/php5-fpm"]

as docker uses "sh -c", above command will be executed as below

/etc/init.d/nullmailer start
/etc/init.d/nullmailer /usr/sbin/php5-fpm