Sets the access permissions of the Unix-domain socket(s).
At a glance
| Property | Value |
|---|---|
| Parameter | unix_socket_permissions |
| Category | Connections and Authentication |
| Default | (see documentation) |
| Value type | integer |
| Change scope | Per-session (SET) |
| Available in | PostgreSQL 12, 13, 14, 15, 16, 17, 18, 19 (added in 12) |
What it does
Sets the access permissions of the Unix-domain socket(s). Unix-domain sockets use the usual Unix file system permission set. The parameter value is expected to be a numeric mode specified in the format accepted by the chmod and umask system calls. (To use the customary octal format the number must start with a 0 (zero).)
The default permissions are 0777, meaning anyone can connect. Reasonable alternatives are 0770 (only user and group, see also unix_socket_group) and 0700 (only user). (Note that for a Unix-domain socket, only write permission matters, so there is no point in setting or revoking read or execute permissions.)
(Description quoted from the official PostgreSQL documentation.)
How to apply a change
Can be set per session with SET, per role/database with ALTER ROLE/DATABASE ... SET, or globally in postgresql.conf.
Inspect the current value and source with SHOW unix_socket_permissions; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'unix_socket_permissions';.
Tuning guidance
This is a connectivity or security setting, not a performance knob. Choose the value from your security and network requirements (TLS files, ciphers, keepalives, authentication behaviour) rather than for throughput, and verify it against your organization’s policy. Test changes in staging, because a wrong value here can lock clients out.