in reply to (OT) accepting user files online
Dear Fellow Monk,
The first question that comes to mind is "what kind of files?" and the second that comes to mind is "for what purpose?"
In other words, analyze the requirement thoroughly.
Next you want to assess the "threat level" and what you are trying to protect. This is not always just the server you are doing this work on either. If you are, for instance, having folks upload resumes to your server, then you have a responsibility to protect those resumes and the private data contained therein.
Another example of a responsibility (liability?) you are taking on with something like this is if you are having folks upload program files, you need to protect against copyright infringement, virii, trojans, et al., not only for the health of your server but to protect other users of your web site.
With that in mind, yes of course, stage the uploaded files into a "quarantine" until you are completely satisfied that they present minimal threat. (Notice I didn't say "represent any threat".)
Another step I would take is to log all uploads with information regarding where the files came from. Preferably you want to use some sort of login authentication before allowing an individual to upload anything, so you can possibly tie an upload to an individual for accountability's sake.
Just a few thoughts that come to mind.
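
The quarantine-and-log approach described in this reply, sketched as an added example (not code from the original post). The function names, the log format, and the `looks_like_pdf` check are assumptions made for illustration; a real deployment would plug its own screening into `checks`.

```python
import hashlib
import json
import os
import secrets
import time
from pathlib import Path

def _log(log_path, record):
    # json.dumps escapes newlines, so a crafted filename cannot forge a log line.
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")

def quarantine_upload(data, client_name, user, remote_addr, quarantine_dir, log_path):
    """Store an upload in quarantine and log who sent it and from where."""
    if not user:
        raise PermissionError("uploads require an authenticated user")
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    # Server-generated name: the client-supplied name is logged, never used as a path.
    stored = quarantine_dir / secrets.token_hex(16)
    # O_EXCL refuses to overwrite; mode 0o600 keeps the file private and non-executable.
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    record = {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "user": user, "remote_addr": remote_addr, "client_name": client_name,
        "stored_as": stored.name, "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(), "status": "quarantined",
    }
    _log(log_path, record)
    return record

def looks_like_pdf(data):
    # Constructed stand-in for real screening (malware scan, content review).
    return data.startswith(b"%PDF-")

def release(record, quarantine_dir, public_dir, log_path, checks):
    """Publish a quarantined file only if it is unchanged and passes every check."""
    src = quarantine_dir / record["stored_as"]
    data = src.read_bytes()
    unchanged = hashlib.sha256(data).hexdigest() == record["sha256"]
    ok = unchanged and all(check(data) for check in checks)
    if ok:
        public_dir.mkdir(parents=True, exist_ok=True)
        os.replace(src, public_dir / record["stored_as"])
    _log(log_path, {"stored_as": record["stored_as"], "user": record["user"],
                    "status": "released" if ok else "held"})
    return ok
```

The quarantine directory should sit outside the web root so nothing in it can be requested or executed before `release` moves it.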