Permission denied: unable to check htaccess file, ensure it is readable and that '/var/www/html/' is executable

[Slyke]

Fresh install

Nextcloud version: nextcloud:29.0.12
Postgres version: postgres:17.4
Redis version: redis:7.4.2

Logs:

Configuring Redis as session handler
=> Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/before-starting
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.244.0.8. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.244.0.8. Set the 'ServerName' directive globally to suppress this message
[Mon Mar 10 09:43:26.128949 2025] [mpm_prefork:notice] [pid 1:tid 1] AH00163: Apache/2.4.62 (Debian) PHP/8.2.27 configured -- resuming normal operations
[Mon Mar 10 09:43:26.128991 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'apache2 -D FOREGROUND'

[Mon Mar 10 09:43:37.485752 2025] [core:crit] [pid 70:tid 70] (13)Permission denied: [client 10.244.0.239:0] AH00529: /var/www/html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/' is executable, referer: https://nextcloud.mydomain.xyz/
10.244.0.239 - - [10/Mar/2025:09:43:37 +0000] "GET /favicon.ico HTTP/1.1" 403 527 "https://nextcloud.mydomain.xyz/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0"
[Mon Mar 10 09:43:37.618360 2025] [core:crit] [pid 71:tid 71] (13)Permission denied: [client 10.244.4.39:0] AH00529: /var/www/html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/' is executable
10.244.4.39 - - [10/Mar/2025:09:43:37 +0000] "GET / HTTP/1.1" 403 527 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0"
[Mon Mar 10 09:43:37.698295 2025] [core:crit] [pid 72:tid 72] (13)Permission denied: [client 10.244.7.169:0] AH00529: /var/www/html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/' is executable, referer: https://nextcloud.mydomain.xyz/

From within Nextcloud instance:

# ls -ahl /var/www/html/
total 1.3M
drwxrwxrwx 1 www-data www-data  554 Mar  9 10:45 .
drwxrwxr-x 1 www-data root     4.0K Feb 26 01:29 ..
-rw-r--r-- 1 www-data www-data 4.3K Mar  9 10:42 .htaccess
-rw-r--r-- 1 www-data www-data  101 Mar  9 10:42 .user.ini
drwxr-xr-x 1 www-data www-data  802 Mar  9 10:43 3rdparty
-rw-r--r-- 1 www-data www-data  24K Mar  9 10:42 AUTHORS
-rw-r--r-- 1 www-data www-data  34K Mar  9 10:42 COPYING
drwxr-xr-x 1 www-data www-data 1.2K Mar  9 10:44 apps
-rw-r--r-- 1 www-data www-data 2.1K Mar  9 10:42 composer.json
-rw-r--r-- 1 www-data www-data 3.1K Mar  9 10:42 composer.lock
drwxr-xr-x 1 www-data www-data  448 Mar  9 10:45 config
-rw-r--r-- 1 www-data www-data 4.1K Mar  9 10:42 console.php
drwxr-xr-x 1 www-data www-data  526 Mar  9 10:44 core
-rw-r--r-- 1 www-data www-data 8.3K Mar  9 10:42 cron.php
drwxr-xr-x 1 www-data www-data    0 Mar  9 10:45 custom_apps
drwxr-xr-x 1 www-data www-data    0 Mar  9 10:45 data
drwxr-xr-x 1 www-data www-data  15K Mar  9 10:45 dist
-rw-r--r-- 1 www-data www-data  156 Mar  9 10:42 index.html
-rw-r--r-- 1 www-data www-data 4.5K Mar  9 10:42 index.php
drwxr-xr-x 1 www-data www-data  126 Mar  9 10:45 lib
-rwxrwxrwx 1 root     root        0 Mar 10 09:43 nextcloud-init-sync.lock
-rwxr-xr-x 1 www-data www-data  283 Mar  9 10:42 occ
drwxr-xr-x 1 www-data www-data   50 Mar  9 10:45 ocs
drwxr-xr-x 1 www-data www-data   18 Mar  9 10:45 ocs-provider
-rw-r--r-- 1 www-data www-data 1.1M Mar  9 10:42 package-lock.json
-rw-r--r-- 1 www-data www-data 7.0K Mar  9 10:42 package.json
-rw-r--r-- 1 www-data www-data 3.9K Mar  9 10:42 public.php
-rw-r--r-- 1 www-data www-data 5.5K Mar  9 10:42 remote.php
drwxr-xr-x 1 www-data www-data  158 Mar  9 10:45 resources
-rw-r--r-- 1 www-data www-data   26 Mar  9 10:42 robots.txt
-rw-r--r-- 1 www-data www-data 2.5K Mar  9 10:42 status.php
drwxr-xr-x 1 www-data www-data   26 Mar  9 10:45 themes
-rw-r--r-- 1 www-data www-data  385 Mar  9 10:45 version.php
# cat .htaccess | head -n 5
<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
# whoami
root

Fix is:

chmod -R 755 /var/www/html/

[joshtrichards]

Unable to reproduce.

As noted in the bug reporting issue template:

When reporting problems, please include your complete Docker Compose file (or run commands) and your Nextcloud Server config (e.g. occ config:list system). Incomplete reports cause extra work for all parties involved and delay resolution.

Another relevant factor: whether you're using an alternative user (https://github.com/nextcloud/docker/?tab=readme-ov-file#running-as-an-arbitrary-user--file-permissions--changing-the-default-container-user).