website: document unix_sockets config

website/source/docs/agent/options.html.markdown

@@ -244,8 +244,10 @@ definitions support being updated during a reload.
   Both `rpc` and `http` support binding to Unix domain sockets. A socket can be
   specified in the form `unix:///path/to/socket`. A new domain socket will be
   created at the given path. If the specified file path already exists, Consul
-  will refuse to start and return an error. For information on how to secure
-  socket file permissions, refer to the manual page for your operating system.
+  will attempt to clear the file and create the domain socket in its place.
+  <br><br>
+  The permissions of the socket file are tunable via the `unix_sockets` config
+  construct.
   <br><br>
   When running Consul agent commands against Unix socket interfaces, use the
   `-rpc-addr` or `-http-addr` arguments to specify the path to the socket. You
@@ -429,6 +431,17 @@ definitions support being updated during a reload.
 
 * `ui_dir` - Equivalent to the `-ui-dir` command-line flag.
 
+* `unix_sockets` - This allows tuning the ownership and permissions of the
+  Unix domain socket files created by Consul. Domain sockets are only used if
+  the HTTP or RPC addresses are configured with the `unix://` prefix. The
+  following options are valid within this construct, and apply globally to all
+  sockets created by Consul:
+  <br>
+  * `user` - The name or ID of the user who will own the socket file.
+  * `group` - The group ID ownership of the socket file. Note that this option
+    currently only supports numeric ID's.
+  * `mode` - The permission bits to set on the file.
+
 * `verify_incoming` - If set to True, Consul requires that all incoming
   connections make use of TLS, and that the client provides a certificate signed
   by the Certificate Authority from the `ca_file`. By default, this is false, and