MySQL Error 53: EE_CONFIG_FILE_PERMISSION_ERROR - Meaning, Causes, and Fixes

What is MySQL Error 53 EE_CONFIG_FILE_PERMISSION_ERROR?

The error message "%s should be readable/writable only by current user" signals that MySQL detected insecure permissions on a configuration file such as my.cnf or .mylogin.cnf. Starting in MySQL 8.0.13, the server exits or the client refuses to start when these files are group- or world-readable.

The check protects credentials and sensitive options that may reside in personal option files.

Addressing the permission problem is mandatory before MySQL will continue to run.

When Does This Error Happen?

The error occurs at server startup, client launch, or whenever MySQL reads an option file using the --defaults-file or --login-path switch.

It is platform-agnostic: Linux, macOS, and Windows all enforce the rule.

Automated deployment tools, Docker images, or manual chmod/chown mistakes commonly introduce the bad permissions that trigger the failure.

Why Fixing It Quickly Matters

Leaving a configuration file wide open exposes connection passwords, SSL keys, and tuning parameters. Attackers with OS access can escalate privileges or exfiltrate data.

Production outages also continue until the file is secured and MySQL restarts cleanly.

What Causes This Error?

Overly permissive POSIX permissions like 644, 664, or 666 on my.cnf or .mylogin.cnf let group or other users read the file, breaking MySQL’s security check.

Incorrect file ownership arises when root creates the file and later runs MySQL as an unprivileged user, causing mismatch between owner UID and the running UID.

Windows ACLs that grant read or write to SYSTEM, Administrators, or Everyone cause the client utility to bail out with EE_CONFIG_FILE_PERMISSION_ERROR.

How to Fix MySQL Error 53 EE_CONFIG_FILE_PERMISSION_ERROR

Verify the exact file called out in the error message, adjust its permissions so only the running user can read and write, and restart the affected MySQL component.

Linux and macOS require chmod 600 plus proper chown.

Windows needs icacls to remove extra ACL entries, leaving only the current user.

Step-by-Step Linux Example

1. Identify file path: usually ~/.my.cnf or /etc/my.cnf.
2. Change owner to mysql OS user if needed.
3. Restrict permissions to 600.
4. Restart mysqld or re-run mysql client.

Common Scenarios and Solutions

Docker builds that COPY a world-readable my.cnf: add RUN chmod 600 /etc/my.cnf to Dockerfile.

Rebuild image.

Automated CI/CD scripts using sudo to write the file: add chown -R mysql:mysql /etc/my.cnf && chmod 600 /etc/my.cnf.

Home directory backups restored with relaxed umask: rerun chmod 600 ~/.my.cnf for each affected account.

Best Practices to Avoid This Error

Set umask 077 in deployment scripts so new files default to owner-only access.

Version control a secure template my.cnf and enforce it via CI checks.

Run periodic security scans or cron jobs that verify 0600 permissions on all MySQL option files and alert on drift.

Use Galaxy’s AI-assisted linting inside the SQL editor to surface permission best-practice reminders when connecting to databases.

Related Errors and Solutions

MySQL Error 1290 - The server is running with --secure-file-priv: occurs when LOAD DATA attempts to read from an unauthorized path.

Fix by adjusting secure-file-priv.

MySQL Error 2002 - Can't connect to local MySQL server: appears when socket or TCP connection fails. Check mysqld status and host/port values.

MySQL Error 1045 - Access denied for user: indicates invalid credentials or host mismatch. Grant proper privileges or correct the password.

.