Should the webserver user have write permission on the uploads/ directory?

http://serverfault.com – I always gave the webserver user full permissions on these dirs: cache/, logs/, web/uploads/. But now I am wondering if the uploads part is OK. I was thinking that maybe it would be better if I use a .tmp file for each upload, and then put them in a queue to be moved to uploads/, and do the same for deletions (the queue will be read and validated by a different user). This way, even if an attacker gets to inject malicious code, the uploads/ folder will be safe. (HowTos)