MySQL skips world-writable option files for security and logs Error 54 EE_IGNORE_WORLD_WRITABLE_CONFIG_FILE at startup or client invocation.
MySQL Error 54 EE_IGNORE_WORLD_WRITABLE_CONFIG_FILE means the server or client ignored a world-writable my.cnf file. Change the file mode to 600 or 644, ensure proper owner, then restart MySQL to clear the error.
World-writable config file '%s' is ignored. EE_IGNORE_WORLD_WRITABLE_CONFIG_FILE was added in 8.0.13.
The message “World-writable config file '%s' is ignored” appears in MySQL 8.0.13+ when a my.cnf or client option file has permissions that allow write access to all users. MySQL refuses to read such a file, raises internal error 54, and continues with default or remaining option files.
The safeguard protects credentials, SSL keys, and other secrets that might be stored in the option file.
Because the file is skipped entirely, expected parameters are lost, which can alter authentication, paths, or buffer sizes.
The error is triggered whenever mysqld, mysql, or any MySQL utility evaluates an option file whose UNIX mode includes the global write bit (octal 0666 or 0777). It is most common on Docker volumes, shared NFS mounts, or when files are created with an umask of 000.
Ownership mismatches also matter.
Even with 644, if the file is owned by a different user and group write is present, the server treats it as insecure.
Correct the permissions and ownership of each referenced option file, then restart or rerun the client so that MySQL re-reads the now-safe file.
The quickest safe modes are 600 (rw-) for private credentials or 644 (rw-r--r--) for public parameters.
After adjusting the mode, validate with ls -l /etc/mysql/my.cnf and check the MySQL error log or re-issue the command. The warning should disappear.
Docker Compose – Mounting .cnf from the host often preserves 0777.
Add a chmod 644 ./my.cnf step in the Dockerfile or use volumes: with cached,uid=....
CI/CD pipelines – Build scripts that use echo "..." > my.cnf without resetting umask inherit permissive modes. Insert umask 077 before creating the file.
Use a restrictive umask (077) in shell profiles and automation scripts. Store credentials in environment variables or MySQL’s client login path instead of plain files.
Monitor file modes with operating-system security tools.
In Galaxy’s desktop SQL editor you can attach startup scripts that run a quick SHOW VARIABLES LIKE 'basedir'; check; if the query fails because options were not read, Galaxy’s AI copilot suggests chmod commands in-context, reducing downtime.
Error 55 ER_OPEN_MANAGED_FILE_FAILED – raised when MySQL cannot open an option file due to missing read permissions.
Fix by granting 600 and correct owner.
Error 3159 ER_SECURE_TRANSPORT_REQUIRED – appears when SSL is required but not configured, sometimes masked when the option file that sets ssl-ca is ignored by Error 54. Resolve Error 54 first, then verify SSL paths.
.
No, the server starts but ignores the insecure file, so some variables may remain default.
Use 600 when the file contains passwords; 644 is acceptable if no secrets are inside.
No. Restart the client or daemon so MySQL reloads option files during initialization.
Disabling is not recommended and only possible by patching source. Correct permissions instead.
.avif)
.avif){kind=logo}
