Comment 0 for bug 1993273

DUFOUR Olivier (odufourc) wrote :

As part of the CIS hardening recommendation 6.2.8, which is to ensure users' home directories are not world readable:
the mysql user's home, which is "/var/lib/mysql/", is currently created with 0755 rights by the charm itself.

Currently, the recommendation from the source of the mysql package is to set a chmod of 0700 on /var/lib/mysql with mysql:mysql as owner.

Technically speaking, restricting to at least 750 instead should not be an issue since the folder for the mysql-router is restricted to the mysql user anyway.
ubuntu@juju-255cc0-0-lxd-5:~$ ls /var/lib/mysql/ -la
total 12
drwxr-xr-x 3 mysql mysql 4096 Oct 18 07:53 .
drwxr-xr-x 46 root root 4096 Oct 18 07:51 ..
drwx------ 5 mysql mysql 4096 Oct 18 07:54 keystone-mysql-router

The source of the creation seems to be ./src/lib/charm/openstack/mysql_router.py, in the install method, with the following code at line 305-309:
        # Create the directory
        if not os.path.exists(self.mysqlrouter_home_dir):
            ch_core.host.mkdir(
                self.mysqlrouter_home_dir,
                owner=self.mysqlrouter_user,
                group=self.mysqlrouter_group,
                perms=0o755)
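
An added example, not part of the original comment or the charm's code: a small audit that flags home directories more permissive than 750, run against a constructed tree that mirrors the listing above. The function names, the passwd entry and the 0o750 threshold (taken from the comment's "at least 750") are assumptions made for illustration.

```python
import os
import stat
import tempfile

MAX_HOME_MODE = 0o750  # assumption: threshold from the comment's "at least 750"


def excess_bits(mode, allowed=MAX_HOME_MODE):
    """Return the permission bits set in `mode` that `allowed` does not grant."""
    return stat.S_IMODE(mode) & ~allowed & 0o777


def audit_homes(passwd_text, root="/"):
    """Return (user, home, mode, excess) for each home directory that is too open.

    `root` lets the check run against a staged tree instead of the live system.
    """
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment or malformed passwd(5) entry
        user, home = fields[0], fields[5]
        path = os.path.join(root, home.lstrip("/"))
        try:
            st = os.lstat(path)  # lstat: do not follow a symlinked home
        except FileNotFoundError:
            continue
        if not stat.S_ISDIR(st.st_mode):
            continue
        extra = excess_bits(st.st_mode)
        if extra:
            findings.append((user, home, stat.S_IMODE(st.st_mode), extra))
    return findings


def demo():
    """Audit a constructed tree before and after tightening the mode."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "var/lib/mysql")
        os.makedirs(home)
        os.chmod(home, 0o755)  # mode the charm currently creates
        passwd = "mysql:x:112:118::/var/lib/mysql:/bin/false\n"  # constructed entry
        before = audit_homes(passwd, root)
        os.chmod(home, 0o750)  # restriction proposed in the comment
        after = audit_homes(passwd, root)
        return before, after
```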