Sets the owning group of the Unix-domain socket(s).
At a glance
| Property | Value |
|---|---|
| Parameter | unix_socket_group |
| Category | Connections and Authentication |
| Default | (see documentation) |
| Value type | string |
| Change scope | Server restart required (postgresql.conf) |
| Available in | PostgreSQL 12, 13, 14, 15, 16, 17, 18, 19 (added in 12) |
What it does
Sets the owning group of the Unix-domain socket(s). (The owning user of the sockets is always the user that starts the server.) In combination with the parameter unix_socket_permissions this can be used as an additional access control mechanism for Unix-domain connections. By default this is the empty string, which uses the default group of the server user. This parameter can only be set at server start.
This parameter is not supported on Windows. Any setting will be ignored. Also, sockets in the abstract namespace have no file owner, so this setting is also ignored in that case.
(Description quoted from the official PostgreSQL documentation.)
How to apply a change
Set it in postgresql.conf (or with ALTER SYSTEM) and restart the server — this parameter cannot change without a restart.
Inspect the current value and source with SHOW unix_socket_group; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'unix_socket_group';.
Tuning guidance
This is a connectivity or security setting, not a performance knob. Choose the value from your security and network requirements (TLS files, ciphers, keepalives, authentication behaviour) rather than for throughput, and verify it against your organization’s policy. Test changes in staging, because a wrong value here can lock clients out.