diff --git a/docs/howto/deployment/fastcgi.txt b/docs/howto/deployment/fastcgi.txt
index a445a2d1a7..3bf231fb19 100644
--- a/docs/howto/deployment/fastcgi.txt
+++ b/docs/howto/deployment/fastcgi.txt
@@ -111,6 +111,14 @@ Running a threaded server on a TCP port::
 Running a preforked server on a Unix domain socket::
 
     ./manage.py runfcgi method=prefork socket=/home/user/mysite.sock pidfile=django.pid
+    
+.. admonition:: Socket security
+
+    Django's default umask requires that the webserver and the Django fastcgi
+    process be run with the same group **and** user. For increased security,
+    you can run them under the same group but as different users. If you do
+    this, you will need to set the umask to 0002 using the ``umask`` argument
+    to ``runfcgi``.
 
 Run without daemonizing (backgrounding) the process (good for debugging)::