Error: Cannot write into "config" directory!

ℹ️ Support
, , , ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud Hub 10 (31.0.5)
  • Operating system and version (e.g., Ubuntu 24.04):
    • Linux version 5.14.0-570.52.1.el9_6.x86_64 (RedHat 9.6 - Plow)
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2.4.62
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • don’t know
  • PHP version (e.g, 8.3):
    • 8.2.29
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • after update to 31.0.10
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • manually from archiv, following this guide
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • no

Summary of the issue you are facing:

I upgraded Nextcloud manually via CLI from version 31.0.5 to 31.0.10, I followed this guide:
link

At the end I got message “Update successful”, but after starting apache i’m not able to run web UI → i got error:
“Error
Cannot write into “config” directory! This can usually be fixed by giving the web server write access to the config directory. But, if you prefer to keep config.php file read only, set the option “config_is_read_only” to true in it. See link

image
image751×306 31.2 KB

I checked ACLs in Nextcloud directory, Config directory as well. Apache user is owner of these directories and should be able to write inside.
ACL of dir. /var/www/html/nextcloud/config :
drwxr-x—. (750)
I compared to the old Config dir. (before upgrade) - it was:
drwxr-xr-x. (755)

There is general recommendation that httpd should run under apache user. I found that my apache is running under root. I maybe made some mistake during initial installation, but even when I change ACL to the 755, it doesn’t help, error still the same.
Then I found this explanation: https://askubuntu.com/questions/694036/apache-as-non-root (so it should be fine for me ?). I’m confused.
I checked which user is defined for httpd service in /etc/httpd/conf/httpd.conf:
User apache
Group apache

I verified parent and child processes
ps -ef | grep -i httpd | awk ‘{print $1}’
root
apache
apache
apache
apache
apache

Could you please help to find the misconfig and get it running ?
Thank you very much.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

too long

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/httpd/error.log:

[Wed Oct 29 14:06:46.318589 2025] [mpm_event:notice] [pid 995:tid 995] AH00492: caught SIGWINCH, shutting down gracefully
[Wed Oct 29 15:06:14.027632 2025] [core:notice] [pid 81655:tid 81655] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Oct 29 15:06:14.028862 2025] [suexec:notice] [pid 81655:tid 81655] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server_IP. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 29 15:06:14.056541 2025] [lbmethod_heartbeat:notice] [pid 81655:tid 81655] AH02282: No slotmem from mod_heartmonitor
[Wed Oct 29 15:06:14.063412 2025] [mpm_event:notice] [pid 81655:tid 81655] AH00489: Apache/2.4.62 (Red Hat Enterprise Linux) OpenSSL/3.2.2 configured -- resuming normal operations
[Wed Oct 29 15:06:14.063448 2025] [core:notice] [pid 81655:tid 81655] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Oct 29 15:09:27.669575 2025] [mpm_event:notice] [pid 81655:tid 81655] AH00492: caught SIGWINCH, shutting down gracefully
[Wed Oct 29 15:11:44.883185 2025] [core:notice] [pid 86718:tid 86718] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Oct 29 15:11:44.884385 2025] [suexec:notice] [pid 86718:tid 86718] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server_IP. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 29 15:11:44.909730 2025] [lbmethod_heartbeat:notice] [pid 86718:tid 86718] AH02282: No slotmem from mod_heartmonitor
[Wed Oct 29 15:11:44.915633 2025] [mpm_event:notice] [pid 86718:tid 86718] AH00489: Apache/2.4.62 (Red Hat Enterprise Linux) OpenSSL/3.2.2 configured -- resuming normal operations
[Wed Oct 29 15:11:44.915669 2025] [core:notice] [pid 86718:tid 86718] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Oct 29 15:15:16.092104 2025] [mpm_event:notice] [pid 86718:tid 86718] AH00492: caught SIGWINCH, shutting down gracefully
[Wed Oct 29 15:15:51.846215 2025] [core:notice] [pid 949:tid 949] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Oct 29 15:15:51.853247 2025] [suexec:notice] [pid 949:tid 949] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server_IP. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 29 15:15:51.920303 2025] [lbmethod_heartbeat:notice] [pid 949:tid 949] AH02282: No slotmem from mod_heartmonitor
[Wed Oct 29 15:15:51.925797 2025] [mpm_event:notice] [pid 949:tid 949] AH00489: Apache/2.4.62 (Red Hat Enterprise Linux) OpenSSL/3.2.2 configured -- resuming normal operations
[Wed Oct 29 15:15:51.925833 2025] [core:notice] [pid 949:tid 949] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Oct 29 17:08:39.084374 2025] [mpm_event:notice] [pid 949:tid 949] AH00492: caught SIGWINCH, shutting down gracefully
[Wed Oct 29 17:25:21.211375 2025] [core:notice] [pid 947:tid 947] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Oct 29 17:25:21.216136 2025] [suexec:notice] [pid 947:tid 947] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using server_IP. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 29 17:25:21.277995 2025] [lbmethod_heartbeat:notice] [pid 947:tid 947] AH02282: No slotmem from mod_heartmonitor
[Wed Oct 29 17:25:21.288503 2025] [mpm_event:notice] [pid 947:tid 947] AH00489: Apache/2.4.62 (Red Hat Enterprise Linux) OpenSSL/3.2.2 configured -- resuming normal operations
[Wed Oct 29 17:25:21.288532 2025] [core:notice] [pid 947:tid 947] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

 occ config:list system:
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "my.domain.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.10.2",
        "overwrite.cli.url": "http:\/\/server_IP",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "ldapTLSCert": "\/etc\/pki\/ca-trust\/source\/anchors\/cert_name.pem",
        "loglevel": "2",
        "maintenance": false,
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "skeletondirectory": "",
        "app_install_overwrite": [],
        "defaultapp": "dashboard",
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory"
    }
}

Apps

The output of occ app:list (if possible).

Enabled:

  • activity: 4.0.0
  • app_api: 5.0.2
  • bruteforcesettings: 4.0.0
  • circles: 31.0.0
  • cloud_federation_api: 1.14.0
  • comments: 1.21.0
  • contactsinteraction: 1.12.1
  • dashboard: 7.11.0
  • dav: 1.33.0
  • federatedfilesharing: 1.21.0
  • federation: 1.21.0
  • files: 2.3.1
  • files_automatedtagging: 2.0.0
  • files_downloadlimit: 4.0.0
  • files_pdfviewer: 4.0.0
  • files_reminders: 1.4.0
  • files_retention: 2.0.1
  • files_sharing: 1.23.1
  • files_trashbin: 1.21.0
  • files_versions: 1.24.0
  • firstrunwizard: 4.0.0
  • impersonate: 2.0.0
  • logreader: 4.0.0
  • lookup_server_connector: 1.19.0
  • nextcloud_announcements: 3.0.0
  • notifications: 4.0.0
  • oauth2: 1.19.1
  • password_policy: 3.0.0
  • photos: 4.0.0
  • privacy: 3.0.0
  • profile: 1.0.0
  • provisioning_api: 1.21.0
  • recommendations: 4.0.0
  • related_resources: 2.0.0
  • serverinfo: 3.0.0
  • settings: 1.14.0
  • sharebymail: 1.21.0
  • support: 3.0.0
  • survey_client: 3.0.0
  • systemtags: 1.21.1
  • terms_of_service: 4.6.0
  • text: 5.0.2
  • theming: 2.6.1
  • twofactor_backupcodes: 1.20.0
  • twofactor_nextcloud_notification: 5.0.0
  • twofactor_totp: 13.0.0-dev.0
  • updatenotification: 1.21.0
  • user_ldap: 1.22.0
  • user_saml: 7.0.0
  • user_status: 1.11.0
  • viewer: 4.0.0
  • weather_status: 1.11.0
  • webhook_listeners: 1.2.0
  • workflow_script: 2.0.0
  • workflowengine: 2.13.0

Disabled:

  • admin_audit: 1.21.0
  • encryption: 2.19.0
  • files_external: 1.23.0
  • richdocumentscode: 25.4.504 (installed 25.4.504)
  • suspicious_login: 9.0.1

Edge devTool, Console Tab:

  • Refused to apply style from ‘’ because its MIME type (‘text/html’) is not a supported stylesheet MIME type, and strict MIME checking is enabled.

  • Uncaught ReferenceError: OCA is not defined
    at theming.js?v=6b2cfa2e-17:5:1

    (anonymous) @ theming.js?v=6b2cfa2e-17:5

  • GET my_url 503 (Service Unavailable)

  • Manifest fetch from my_url failed, code 503

2

SELinux perhaps? SELinux configuration — Nextcloud latest Administration Manual latest documentation

Note that SELinux permission problems may be caused by SELinux even if the denial is not indicated in the audit logs. This is because SELinux does not log all system calls used for verifying access. See Possible Causes of Silent Denials to solve.

3

thanks very much for this idea.
I ran the SELinux commands during initial installation and didn’t know that I would need to run it once more. It’s fixed now.