This is the correct default behavior; you generally want your R process to be running under a fairly restricted set of permissions, in case there is a security hole in your code (or in Shiny) an attacker won't be able to modify anything. However, if you do need to make modifications then you can change the config to allow that.
In this case, I'd create a subdirectory of your app dir (shiny_test) for the "shiny" user to write to:
# Create the directory
sudo mkdir /var/shiny-server/www/shiny_test/work
# Make shiny the owner of the directory
sudo chown shiny:shiny /var/shiny-server/www/shiny_test/work
Then change the path you pass to write.csv to be "work/time.csv" instead of "time.csv".