What Is the Difference between CMD and ENTRYPOINT in a Dockerfile?

Better Stack Team
Updated on August 1, 2022

There is a big confusion around similarity and lack of clarity in the difference between the CMD and ENTRYPOINT instruction in Docker. Let’s clear things up.

See the example

Let’s say we want to create a new Ubuntu image whose only purpose is to sleep for a while. The Dockerfile would look something like this:

FROM ubuntu
CMD sleep 10
Copied!

And we would build and run the image like this:

docker build -t docker_sleep .
docker run docker_sleep
# sleep for 10 seconds
Copied!

Just like this, we have executed the CMD instruction. But what actually happened under the hood is that the sleep 10 command was passed to the /bin/sh -c which is the default Linux shell, therefore the command was executed. But why is that, you may ask. This is because the default ENTRYPOINT is set to the /bin/sh -c and the sleep 10 is only the argument that is passed to the ENTRYPOINT.

If we were to build the image from the following Dockerfile:

FROM ubuntu
ENTRYPOINT sleep
Copied!

And build run it like this:

docker run custom_sleep 20
Copied!

It would do exactly the same as last time. Why is that, you may as again. This is because we have specified the ENTRYPOINT as sleep and the argument for the ENTRYPOINT as 20.

The difference

The ENTRYPOINT is the program that is going to be run and the CMD is the argument that is going to be passed to that program. Arguments passed to the container when running docker run <container> are in fact CMD and are passed to the ENTRYPOINT. Default ENTRYPOINT is set to the default Linux shell.

Got an article suggestion? Let us know
Explore more
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

We are hiring.

Software is our way of making the world a tiny bit better. We build tools for the makers of tomorrow.

Explore all positions →

Reliability is the
ultimate feature

Delightful observability tools that turn your logs & monitoring into a secret weapon for shipping better software faster.

Explore Better Stack