Skip to content

Drill: Create a Systemd Drop-in Override

Goal

Create a systemd drop-in override to modify a service's configuration without editing the original unit file.

Setup

  • Linux system running systemd
  • Root access
  • An existing service to override (e.g., nginx, sshd)

Commands

Use systemctl edit to create a drop-in (opens editor):

systemctl edit nginx.service

Or create the drop-in manually:

mkdir -p /etc/systemd/system/nginx.service.d/
cat > /etc/systemd/system/nginx.service.d/override.conf << 'EOF'
[Service]
LimitNOFILE=65536
Environment="NGINX_WORKER_CONNECTIONS=4096"
EOF

Add a restart policy override:

cat > /etc/systemd/system/nginx.service.d/restart.conf << 'EOF'
[Service]
Restart=always
RestartSec=5
EOF

Reload systemd to pick up changes:

systemctl daemon-reload

Verify the override is active:

systemctl cat nginx.service

Show effective configuration:

systemctl show nginx.service -p LimitNOFILE -p Restart -p RestartUSec

Restart the service to apply:

systemctl restart nginx.service

What to Look For

  • systemctl cat shows the original unit file followed by any drop-in overrides
  • Drop-in files are applied in lexical order within the .d/ directory
  • systemctl show displays the final merged configuration values
  • Some directives (like Environment) are additive; others require clearing first

Common Mistakes

  • Forgetting to run systemctl daemon-reload after creating drop-in files
  • Not clearing list-type directives before overriding (e.g., ExecStart= on empty line first)
  • Placing overrides in the wrong directory structure (must be <unit>.d/*.conf)
  • Editing the vendor unit file in /lib/systemd/system instead of using drop-ins

Cleanup

rm -rf /etc/systemd/system/nginx.service.d/
systemctl daemon-reload
systemctl restart nginx.service