centos7 apache cannot write to a file it owns

It's likely an SELinux permissions issue. /var/log/audit/audit.log should be able to confirm.

SELinux context is probably system_u:object_r:httpd_sys_content_t:s0, but should be system_u:object_r:httpd_sys_rw_content_t:s0. This can be altered with chcon.

I'm also not sanguine about having a config file within the DocumentRoot of your webserver. I could be mistaken as you haven't provided enough detail, but that would be the case if you haven't altered the defaults.