The job of the operating system is to protect the MySQL installation and its files from illegal external access. In short, this means that only the MySQL processes and authenticated database administrators should ever be able to touch the MySQL installation. However, certain files such as client configuration files do need to be readable by other users to enable them to connect to the server and perform valid operations. You therefore need to pay special attention to how you enable access to MySQL files.
Whatever directory structure you choose for the rest of your MySQL installation, you must keep the MySQL data files in their own directory. By default, a MySQL Unix installation places these files in /usr/local/mysql/data, /usr/var/mysql, or some other separate directory.
Because any user with read access to the MySQL data files or write access to the configuration and executable files has the potential to cause trouble, you should run the MySQL server under a special, dedicated user ID. The default MySQL installation expects a mysql user and group. You can customize this user/group pair to suit your own needs. This user and group should have full access to the MySQL data and should never be used for any purpose other than running MySQL.
If the previous two precautions have been addressed, you have ...