Get path to folder outside document root for uploading photos from PHP

Question

Problem:

This problem is three-fold.

1. After reading this advice (How do I secure a folder used to let users upload files?) to store photos in a folder outside document root I encountered a problem when working with Cloud9. The problem is to write the PHP code in a effective way that points to one level above document root and then into the images folder.
2. What permissions should a folder have outside the document root for allowing users to upload photos? I have seen that a number of pages recommend 666 so users can read/write but not execute. The question is, do users really need to read photos? If you are working with database you allow the reading to be done by PHP, not by users. If this is a good case, what permission is then recommended?
3. What is the recommended way to access images that are outside of the document root?

Code:

Currently when I apply this example to the Cloud9 environment I have to write the folder hardcoded.

$upload_dir = '/home/ubuntu/images/';

While the photos upload with success, I feel that hardcoding the path is not a proper way.

Desired outcome:

To find the path to /images folder that is one level outside document root, set correct permissions for the folder, and access uploaded images according to best-practices in PHP.

Answer 1

1) How find path:

define ( DOCUMENT_ROOT, realpath(
        $_SERVER['DOCUMENT_ROOT']
    ) . DIRECTORY_SEPARATOR
);

define ( UPLOAD_DIR, realpath( 
        DOCUMENT_ROOT . 
        DIRECTORY_SEPARATOR . ".." . 
        DIRECTORY_SEPARATOR . "images"
    ) . DIRECTORY_SEPARATOR
);

2) By user is meant in this case, a user who runs the web server. For example, "www-data".