The actual trick works like this -
- keep the standard "my.cnf" without passwords, and world readable, as it will control the behaviour of many utilities.
- Add a .my.cnf (note the leading dot!) in the homedir for the root user - it will be read automatically by the mysql utilities when executed under the root account. So put there the password, and make the file 600.
- Alternatively, if you are on a unix that uses sudo instead of really having a root account, have a "secondary" configuration file with the passwords, owned by root and 600. Load it with the --defaults-extra-file parameter. This is what Debian and Ubuntu do, in the /etc/mysql directory, the file is called debian.cnf .