This rule checks if the configured MySQL configuration file is owned by the root user and belongs to the group named mysql. As well as assert that other users do not have read access to the configuration file.


Keeping the configuration file access restricted to only its interested users and processes is a way of avoiding exposing possible system vulnerabilities and undesired configuration change by unauthorized users.

As stated on the of least privilege principle: user, program, or process should have only the bare minimum privileges necessary to perform its function.

Change your MySQL configuration file to the following permissions:

chmod 640 /etc/mysql/my.cnf
chown root:mysql /etc/mysql/my.cnf