
use a more secure approach to the my.pwd file by using it under superuser privileges only

Ralf S. Engelschall 21 年之前
父节点
当前提交
a5b7950295
共有 2 个文件被更改,包括 3 次插入6 次删除
  1. 2 5
      mysql/mysql.spec
  2. 1 1
      mysql/rc.mysql

+ 2 - 5
mysql/mysql.spec

@@ -213,8 +213,8 @@ AutoReqProv:  no
     %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
 %if "%{with_server}" == "yes"
         %{l_files_std} \
-        '%config %{l_prefix}/etc/mysql/my.cnf' \
-        '%config %attr(600,%{l_rusr},%{l_rgrp}) %{l_prefix}/etc/mysql/my.pwd' \
+        '%config %attr(644,%{l_musr},%{l_mgrp}) %{l_prefix}/etc/mysql/my.cnf' \
+        '%config %attr(600,%{l_susr},%{l_mgrp}) %{l_prefix}/etc/mysql/my.pwd' \
         '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/mysql' \
         '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/mysql/tmp'
 %else
@@ -241,9 +241,6 @@ AutoReqProv:  no
         #   after install, create initial database
         $RPM_INSTALL_PREFIX/bin/mysql_install_db \
             --defaults-file=$RPM_INSTALL_PREFIX/etc/mysql/my.cnf >/dev/null 2>&1
-        chown %{l_rusr}:%{l_rgrp} \
-            $RPM_INSTALL_PREFIX/etc/mysql/my.cnf \
-            $RPM_INSTALL_PREFIX/etc/mysql/my.pwd
         chown -R %{l_rusr}:%{l_rgrp} $RPM_INSTALL_PREFIX/var/mysql/*
         ( echo "An initial MySQL DB was created. The owner of the database"
           echo "is the DB user 'root'. Its initial password is empty."
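Review bot: With the post-install `chown` removed in the second hunk, the `%attr(600,%{l_susr},%{l_mgrp})` entry in the first hunk is the only thing that sets the owner of my.pwd, and rpm applies it only to the file it writes itself. A copy that rpm sets aside when it replaces a locally edited `%config` file, or a my.pwd left behind by an earlier build of the package, would presumably keep `%{l_rusr}` ownership and stay readable by what appears to be the server's runtime account. The post-install script, which starts and ends outside this hunk, could tighten such leftovers explicitly with `chown %{l_susr}:%{l_mgrp} $RPM_INSTALL_PREFIX/etc/mysql/my.pwd*` and `chmod 600 $RPM_INSTALL_PREFIX/etc/mysql/my.pwd*`. Because my.cnf becomes world-readable at mode 644, a comment above the file list stating that credentials belong only in my.pwd would keep a later edit from putting one there.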

+ 1 - 1
mysql/rc.mysql

@@ -52,7 +52,7 @@
         --pid-file="$mysql_pid_file" \
         --err-log="$mysql_log_err" &
 
-%stop -p 400 -u @l_rusr@
+%stop -p 400 -u @l_susr@
     rcService mysql enable yes || exit 0
     rcService mysql active no  && exit 0
     @l_prefix@/bin/mysqladmin \
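Review bot: Confirm that the `mysqladmin` call in `%stop`, which now runs as `@l_susr@` and continues past the end of the hunk, receives the password from my.pwd through a file option rather than as a command-line argument. An argument is visible in the process listing to every local user, which would undo the protection the mode-600 file gives; something like `--defaults-extra-file=@l_prefix@/etc/mysql/my.pwd` avoids that, provided my.pwd is in option-file format. Only `%stop` is visibly switched here, so any other section of rc.mysql that reads my.pwd while still running under `@l_rusr@` would stop working and needs the same `-u @l_susr@`.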