diff --git a/docs/howto/deployment/fastcgi.txt b/docs/howto/deployment/fastcgi.txt
index 54611c36dd..b54755a514 100644
--- a/docs/howto/deployment/fastcgi.txt
+++ b/docs/howto/deployment/fastcgi.txt
@@ -110,6 +110,14 @@ Running a threaded server on a TCP port::
 Running a preforked server on a Unix domain socket::
 
     ./manage.py runfcgi method=prefork socket=/home/user/mysite.sock pidfile=django.pid
+    
+.. admonition:: Socket security
+
+    Django's default umask requires that the webserver and the Django fastcgi
+    process be run with the same group **and** user. For increased security,
+    you can run them under the same group but as different users. If you do
+    this, you will need to set the umask to 0002 using the ``umask`` argument
+    to ``runfcgi``.
 
 Run without daemonizing (backgrounding) the process (good for debugging)::