Description:
We are currently working in an environment where multiple users access Docker containers, primarily using a common root user. For audit and security purposes, there is a growing need to track and log the commands executed inside running containers.
Problem Statement:
Docker currently does not offer a built-in mechanism to log shell command activity within containers. As containers are isolated environments and often accessed with a common user (typically root), it is not feasible to trace command-level actions back to specific users.
In our current setup, developers log into the EC2 instances (where Docker containers are running) using individual SSH usernames. They then access containers at runtime using commands like docker exec -it <container-id> bash. The challenge arises because, once inside the container, all users are mapped to the same internal user (usually root), making it impossible to associate container activity with the originating SSH user from the host.
Our primary objective is to track which SSH login user accessed the container and log the set of commands they executed during that session, ideally with timestamps for auditing and traceability purposes.
Use Case:
- Audit and Compliance Tracking: Maintain visibility into user activity within containers, especially in environments where audit trails are mandatory.
- User Accountability: Identify which SSH user accessed a container and what commands were executed during that session.
- Security Monitoring and Incident Response: Detect and investigate unauthorized or suspicious activities inside containers by correlating commands with specific users.
- Shared Multi-User Environments: In development, staging, or support environments where multiple users access containers via docker exec, ensure traceability and accountability of actions.
Request:
We kindly request the Docker team to consider:
- Introducing support for logging shell commands executed inside containers
- Providing options to tag session logs with user identifiers (if available via docker exec, kubectl exec, or SSH session metadata)
- Enabling secure logging to the host system or an external logging service
Current Efforts:
We are exploring workaround solutions such as auditd and shell wrapping, but these methods are complex and not scalable across container environments.
Request for Guidance:
If native support is not currently available or planned, could the community or Docker team please recommend any alternate or best-practice approach to achieve container command-level logging effectively?
Use case: Shared access to containers in production and pre-production environments
Thank you for your time and support. We look forward to any insights or recommendations from the community.
Best regards,
Yashwanth
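The shell-wrapping workaround the post mentions, as an added example that is not part of the original post and not Docker's own tooling: a host-side wrapper (hypothetically named dexec) that replaces docker exec -it <container> bash, tags the session with the originating SSH login user, and has bash inside the container write one timestamped record per command to the container's PID 1 stdout, where the Docker logging driver stores it on the host. It assumes that users reach the host over SSH and run the wrapper via sudo (so SUDO_USER carries their login name), that the container has bash, that the logging driver keeps PID 1's stdout (the default json-file driver does), and that logger(1) is available on the host; the AUDIT line format and the AUDIT_* variable names are made up for this example.

```shell
#!/bin/sh
# dexec: host-side wrapper for "docker exec -it <container> bash" that tags
# the session with the originating SSH login user and logs every command run
# inside the container, with a UTC timestamp. Added example, not Docker's own
# tooling. Assumptions: users reach the host over SSH and invoke this via
# sudo (so SUDO_USER carries their login name), the container runs bash, and
# the container's logging driver keeps PID 1's stdout (the default json-file
# driver does), so the records are readable on the host with "docker logs".
set -eu

# Originating host user. sudo records the invoking login in SUDO_USER; fall
# back to the real uid. $USER is deliberately not used: it is only an
# environment variable and the caller can set it to anything.
audit_user() {
  if [ -n "${SUDO_USER:-}" ]; then
    printf '%s\n' "$SUDO_USER"
  else
    id -un
  fi
}

# Client address of the SSH session (SSH_CLIENT is "addr port port"), or
# "local" when not reached over SSH (or when sudo's env_reset dropped it).
audit_origin() {
  if [ -n "${SSH_CLIENT:-}" ]; then
    printf '%s\n' "${SSH_CLIENT%% *}"
  else
    printf 'local\n'
  fi
}

# Bash hook injected into the container through PROMPT_COMMAND. After each
# command it appends one line
#   AUDIT <utc time> user=<login> origin=<addr> session=<id> cmd=<command>
# to /proc/1/fd/1, the stdout of the container's PID 1, which the logging
# driver stores on the host. The last history entry (number plus text) is
# remembered so that a bare Enter does not log the previous command twice.
AUDIT_HOOK='
  _h=$(HISTTIMEFORMAT= history 1)
  if [ -n "$_h" ] && [ "$_h" != "${_audit_last:-}" ]; then
    _audit_last=$_h
    _c=$_h
    [[ $_h =~ ^[[:space:]]*[0-9]+[[:space:]]+(.*)$ ]] && _c=${BASH_REMATCH[1]}
    printf "AUDIT %s user=%s origin=%s session=%s cmd=%s\n" \
      "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$AUDIT_USER" "$AUDIT_ORIGIN" \
      "$AUDIT_SESSION" "$_c" >> /proc/1/fd/1
  fi'

# Open an audited interactive shell in CONTAINER (optional second argument:
# the shell to run, default bash). Start and stop records also go to the
# host syslog through logger(1), so the user-to-container mapping is kept on
# the host even if someone disables the in-container hook.
dexec() {
  container=$1
  shell=${2:-bash}
  user=$(audit_user)
  origin=$(audit_origin)
  session=$(date -u +%Y%m%dT%H%M%SZ)-$$
  rc=0
  logger -t dexec "start user=$user origin=$origin container=$container session=$session"
  # HISTFILE= starts with an empty history so an old entry is not logged at
  # the first prompt; HISTCONTROL= keeps repeated commands in the history.
  docker exec -it \
    -e AUDIT_USER="$user" -e AUDIT_ORIGIN="$origin" -e AUDIT_SESSION="$session" \
    -e HISTFILE= -e HISTCONTROL= -e PROMPT_COMMAND="$AUDIT_HOOK" \
    "$container" "$shell" || rc=$?
  logger -t dexec "stop user=$user container=$container session=$session rc=$rc"
  return "$rc"
}

# Filter the audit records of one login user out of "docker logs" output (or
# any stream of log lines on stdin). Usage: docker logs <container> | audit_report alice
audit_report() {
  awk -v want="user=$1" '$1 == "AUDIT" && $3 == want'
}

# When run as a script: dexec <container> [shell]. Sourcing it only defines the functions.
[ $# -eq 0 ] || dexec "$@"
```

Two caveats a practitioner should keep in mind. First, the in-container hook is cooperative: anyone who is root inside the container can unset PROMPT_COMMAND, start a different shell, or have an image bashrc override HISTCONTROL, so treat the AUDIT lines as an accountability trail, not tamper-proof evidence; the start/stop records written to the host syslog by the wrapper survive that, and a tamper-resistant command record needs the host side, for example the auditd execve tracing the post also mentions, since container processes are ordinary host processes. Second, sudo's env_reset strips SSH_CLIENT unless it is listed in env_keep, so the origin address may read "local" while SUDO_USER still identifies the SSH login.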