This rule checks if the configured MySQL configuration file is owned by the
root user and belongs to the group named
mysql. As well as assert that
other users do not have read access to the configuration file.
Keeping the configuration file access restricted to only its interested users and processes is a way of avoiding exposing possible system vulnerabilities and undesired configuration change by unauthorized users.
As stated on the of least privilege principle: user, program, or process should have only the bare minimum privileges necessary to perform its function.