diff --git a/config_panel.toml b/config_panel.toml
index 4e458b6..e5e88ae 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -3,14 +3,19 @@ version = "1.0"
 [main]
 name = "Nextcloud configuration"
 
-    [main.maintenance_mode]
-    name = "Maintenance mode"
+    [main.maintenance]
+    name = "Maintenance"
 
-        [main.maintenance_mode.maintenance_mode]
+        [main.maintenance.maintenance_mode]
         ask = "Enable maintenance mode"
         type = "boolean"
         default = "0"
 
+        [main.maintenance.set_permissions_button]
+        ask.en = "Set permissions for all data (Can take up to several hours if users have a lot of data)"
+        type = "button"
+        style = "success"
+
     [main.addressbook]
     name = "Address book configuration"
 
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 65cce78..653a0b0 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -8,6 +8,19 @@
 # EXPERIMENTAL HELPERS
 #=================================================
 
+wait_nginx_reload() {
+    # Nginx may take some time to support the new configuration,
+    # wait for the nextcloud configuration file to disappear from nginx before checking the CalDAV/CardDAV URL.
+    timeout=30
+    for i in $(seq 1 $timeout); do
+        if ! ynh_exec_warn_less nginx -T | grep --quiet "# configuration file /etc/nginx/conf.d/$domain.d/$app.conf:"; then
+            break
+        fi
+        sleep 1
+    done
+}
+
+
 # Check if an URL is already handled
 # usage: is_url_handled --domain=DOMAIN --path=PATH_URI
 is_url_handled() {
diff --git a/scripts/change_url b/scripts/change_url
index e7838cb..554f7c4 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -14,6 +14,19 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
 
+if [ $change_domain -eq 1 ]
+then
+    # Check if .well-known is available for this domain
+    if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
+    then
+        ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
+
+        # Remove lines about .well-known/carddav and caldav with sed.
+        sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
+        ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
+    fi
+fi
+
 ynh_change_url_nginx_config
 
 #=================================================
@@ -37,16 +50,6 @@ then
 
     # Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq
     ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload
-
-    # Check if .well-known is available for this domain
-    if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
-    then
-        ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
-
-        # Remove lines about .well-known/carddav and caldav with sed.
-        sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf"
-        ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
-    fi
 fi
 
 #=================================================
diff --git a/scripts/config b/scripts/config
index 93ced20..e231009 100644
--- a/scripts/config
+++ b/scripts/config
@@ -105,6 +105,24 @@ set__fpm_free_footprint() {
     fi
 }
 
+#=================================================
+# SPECIFIC RUNNERS FOR TOML SHORT KEYS
+#=================================================
+
+function run__set_permissions_button() {
+    local data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
+    ynh_print_info "Set permissions, it may take some time..."
+    chown -R $app:www-data "$install_dir"
+    chown -R $app: "$data_dir"
+    find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
+    find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
+    find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
+    find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
+    chmod 640 "$install_dir/config/config.php"
+    chmod 755 /home/yunohost.app
+    chmod 750 $install_dir
+}
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/install b/scripts/install
index 563ad82..e334886 100755
--- a/scripts/install
+++ b/scripts/install
@@ -55,7 +55,8 @@ exec_occ() {
 }
 
 # Set write access for the following commands
-chown -R $app: "$install_dir" "$data_dir"
+chown -R $app:www-data "$install_dir"
+chown -R $app: "$data_dir"
 
 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
@@ -234,7 +235,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir
 
diff --git a/scripts/restore b/scripts/restore
index f66ba4f..89916f2 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -84,7 +84,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir
 
diff --git a/scripts/upgrade b/scripts/upgrade
index b781281..bc75eb4 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -172,7 +172,7 @@ then
     ynh_script_progression --message="Upgrading $app..." --weight=3
 
     # Set write access for the following commands
-    chown -R $app: "$install_dir" "$data_dir"
+    chown -R $app:www-data "$install_dir"
 
     # Print the current version number of Nextcloud
     exec_occ -V
@@ -232,7 +232,7 @@ then
         mv "$tmpdir" "$install_dir"
 
         # Set write access for the following commands
-        chown -R $app: "$install_dir" "$data_dir"
+        chown -R $app:www-data "$install_dir"
 
         # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
         exec_occ maintenance:mode --off
@@ -350,12 +350,9 @@ ynh_script_progression --message="Reapplying file permissions..." --weight=2
 
 # Fix app ownerships & permissions
 chown -R $app:www-data "$install_dir"
-chown -R $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
-find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
-find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir
 
@@ -382,6 +379,8 @@ ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$a
 # Wait untils NGINX has fully reloaded
 ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"
 
+wait_nginx_reload
+
 # Check if .well-known is available for this domain
 if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
 then