Nextcloud file system permissions - mismatches between current directory tree (done by the updater) and Nextcloud documentation

This “behavior” is not a show stopper - Nextcloud - currently on version 23.0.3 - is running well.

The current permissions on folders and files are: (on nc install- & data folder)

  • Folder: 755
  • Files : 644

When one reads the Nextcloud documentation, it says:

find nextcloud/ -type d -exec chmod 750 {} \;
find nextcloud/ -type f -exec chmod 640 {} \;

So, it seems there is a mismatch between the doc recommendation & current nc permission settings.

I’m quite sure I did not create/change those permissions;
They are commonly set by the Nextcloud Installer and/or the updater.

They are also set (755 for Folders/644 for files) when user files are uploaded either by GUI or sync agents.

They are also set (755 for Folders/644 for files) when apps are updated by the Nextcloud app updater.

I am curious about the answers :nerd_face:

Best Mike

btw … I did a short test only to give this evidence (of course I did it know earlier).

on a vbox installation I did execute on /var/www/html
(the nextcloud dir itself has got: (750)
drwxr-x---. 14 apache apache 4096 Jun 3 19:34 nextcloud
)

find nextcloud -type d -exec chmod 750 {} \;
find nextcloud -type f -exec chmod 640 {} \;

current dir : /var/www/html

[root@www html]# ls -al nextcloud
total 144
drwxr-x---. 14 apache apache 4096 Jun 3 19:34 .
drwxr-xr-x. 6 root root 115 May 3 18:54 ..
drwxr-xr-x. 43 apache apache 4096 Jun 3 19:34 3rdparty
drwxr-x---. 77 apache apache 4096 Jun 3 19:45 apps
-rw-r--r--. 1 apache apache 19327 May 19 12:04 AUTHORS
drwxr-x---. 3 apache apache 168 Jun 3 19:44 config
-rw-r--r--. 1 apache apache 3924 May 19 12:04 console.php
-rw-r--r--. 1 apache apache 34520 May 19 12:04 COPYING
drwxr-xr-x. 22 apache apache 4096 Jun 3 19:34 core
-rw-r--r--. 1 apache apache 6260 May 19 12:04 cron.php
drwxr-xr-x. 2 apache apache 8192 Jun 3 19:34 dist
-rw-r--r--. 1 apache apache 4385 Jun 3 19:44 .htaccess
-rw-r--r--. 1 apache apache 156 May 19 12:04 index.html
-rw-r--r--. 1 apache apache 3456 May 19 12:04 index.php
drwxr-xr-x. 6 apache apache 125 Jun 3 19:34 lib
-rwxr-xr-x. 1 apache apache 283 May 19 12:04 occ
drwxr-xr-x. 2 apache apache 23 Jun 3 19:34 ocm-provider
drwxr-xr-x. 2 apache apache 55 Jun 3 19:33 ocs
drwxr-xr-x. 2 apache apache 23 Jun 3 19:33 ocs-provider
-rw-r--r--. 1 apache apache 3139 May 19 12:04 public.php
-rw-r--r--. 1 apache apache 5340 May 19 12:04 remote.php
drwxr-xr-x. 4 apache apache 133 Jun 3 19:33 resources
-rw-r--r--. 1 apache apache 26 May 19 12:04 robots.txt
-rw-r--r--. 1 apache apache 2452 May 19 12:04 status.php
drwxr-x---. 3 apache apache 35 Jun 3 19:34 themes
drwxr-x---. 2 apache apache 43 Jun 3 19:34 updater
-rw-r--r--. 1 apache apache 101 May 19 12:04 .user.ini
-rw-r--r--. 1 apache apache 382 May 19 12:09 version.php

so the upgrade did change the permissions on some (not on all) folders to 750, others are “untouched”.

All files seem to have changed to 644 (before: 640).

In case you're still wondering. This is an administrator choice.

The manual advised the best possible security permissions, and this is indeed 750 for folders and 640 for files.

As it seems most people think they can run nextcloud without understanding how to run a server.

in short it is up to the system owner to make the system follow these rules by setting up the system default umask to follow.

if you tell your system to use umask 002 you cannot expect umask 027.

thus you must tell in this case ( nextcloud/update ) for apache2 user to use umask 027 then your files will have the permissions for folders drwxr-x--- 750 for files -rw-r----- 640

https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html#:~:text=A%20umask%20of%20022%20allows,users%20in%20the%20same%20group.

if you are using apache2 and wish this result you can put " umask 027 " in /etc/apache2/envvars

which is not in the documentation sorry for that.

'localstorage.umask' => 0022,

Nextcloud overrides umask to ensure suitable access permissions regardless of webserver/php-fpm configuration and worker state.

WARNING: Modifying this value has security implications and may soft-break the installation.

Most installs shall not modify this value.

Defaults to 0022

| Umask | Created Files | Created Directories |
|-------|---------------|---------------------|
| 022 | 644 (rw-r--r--) | 755 (rwxr-xr-x) |
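
Added example, not part of any post in this thread and not Nextcloud's own code: a shell sketch that shows which modes umask 022 and 027 produce, then audits a tree for entries readable by "other" before and after the documented chmod commands. The function names and the temporary `nextcloud` tree are constructed for illustration; `stat -c %a` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added illustration: umask -> resulting modes, plus an audit against 750/640.
# All paths are throwaway temp directories constructed for this example.

# modes_for_umask UMASK: print "<file-mode> <dir-mode>" for entries created under UMASK.
# Runs in a subshell so the caller's umask is not changed.
modes_for_umask() (
    umask "$1"
    t=$(mktemp -d) || exit 1
    : > "$t/f" && mkdir "$t/d"
    printf '%s %s\n' "$(stat -c %a "$t/f")" "$(stat -c %a "$t/d")"
    rm -rf "$t"
)

# world_accessible DIR: list entries under DIR that have any "other" bit set
# (read, write or execute). 755/644 trees are listed in full, 750/640 trees are empty.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# demo: build a small tree under umask 022 (the localstorage.umask default quoted above),
# count world-accessible entries, apply the documented chmod commands, count again.
# Prints "<before> <after>".
demo() (
    umask 022
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/nextcloud/apps" && : > "$root/nextcloud/index.php"
    before=$(( $(world_accessible "$root/nextcloud" | wc -l) ))
    find "$root/nextcloud" -type d -exec chmod 750 {} \;
    find "$root/nextcloud" -type f -exec chmod 640 {} \;
    after=$(( $(world_accessible "$root/nextcloud" | wc -l) ))
    rm -rf "$root"
    echo "$before $after"
)

for m in 022 027; do
    echo "umask $m -> file/dir modes: $(modes_for_umask "$m")"
done
echo "world-accessible entries before/after chmod: $(demo)"
```

Running `world_accessible` against a real install directory after an update lists the entries whose mode has drifted back from 750/640.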