You can set up some advanced ACLs on the directory beyond the usual ugo-permission scheme.
In Linux and older Solaris file systems, the setfacl command allows you to create some rules for all files generated in a directory.
For Solaris ZFS, you need to use the chmod +A command for advanced ACLs.
Here is some help with the Solaris setfacl command, and I think it should mostly translate for Linux:
originalFileOwner=origOwner
originalGroupOwner=origGroup
altUser=targetUser
appDir=/path/to/appDir   # placeholder: set this to the application directory
#Sets directories back to default with no special ACL
setfacl -s u::rwx,g::r-x,o:---,m:r-x ${appDir}
setfacl -s u::rwx,g::rwx,o:---,m:rwx ${appDir}/import
setfacl -s u::rwx,g::rwx,o:---,m:rwx ${appDir}/export
#Sets directory to allow for group ${altUser} to have read/execute access to ${appDir}
setfacl -s u::rwx,g::r-x,o:---,m:r-x,g:${altUser}:r-x ${appDir}
#Sets directories to allow user ${altUser} to have read/execute access to specific directories
# Permission: u::rwx,g::rwx,m:rwx,o:--- (standard chmod-based permissions of 770)
# Permission: u:${altUser}:r-x (Sets read/exec permissions to directory for user=${altUser} )
# Permission: d:u::rwx,d:g::rwx,d:m:rwx,d:o:--- (Sets default read/write/exec permissions for files created in this directory, mirrors 'u::rwx,g::rwx,m:rwx,o:---' permission)
# Permission: d:u:${originalFileOwner}:rwx,d:g:${originalGroupOwner}:rwx (Sets default read/write/exec permissions for files created in this directory for original file owner's Unix user and group)
# Permission: d:u:${altUser}:r-x (Sets default read/exec permissions for files created in this directory for user=${altUser} )
setfacl -s u::rwx,g::rwx,m:rwx,o:---,u:${altUser}:r-x,d:u::rwx,d:g::rwx,d:m:rwx,d:o:---,d:u:${originalFileOwner}:rwx,d:g:${originalGroupOwner}:rwx,d:u:${altUser}:r-x ${appDir}/export
#Sets directories to allow for user ${altUser} to have read/WRITE/execute access to specific directories
# Permission: u::rwx,g::rwx,m:rwx,o:--- (standard chmod-based permissions of 770)
# Permission: u:${altUser}:rwx (Sets read/write/exec permissions to directory for user=${altUser} )
# Permission: d:u::rwx,d:g::rwx,d:m:rwx,d:o:--- (Sets default read/write/exec permissions for files created in this directory, mirrors 'u::rwx,g::rwx,m:rwx,o:---' permission)
# Permission: d:u:${originalFileOwner}:rwx,d:g:${originalGroupOwner}:rwx (Sets default read/write/exec permissions for files created in this directory for original file owner's Unix user and group)
# Permission: d:u:${altUser}:rwx (Sets default read/write/exec permissions for files created in this directory for user=${altUser} )
setfacl -s u::rwx,g::rwx,m:rwx,o:---,u:${altUser}:rwx,d:u::rwx,d:g::rwx,d:m:rwx,d:o:---,d:u:${originalFileOwner}:rwx,d:g:${originalGroupOwner}:rwx,d:u:${altUser}:rwx ${appDir}/import
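
A dry-run review of ACL specs like the ones above, as an added example that is not part of the original answer: it shows what each named user or group entry actually gets once the mask (`m:` / `d:m:`) is applied, since the mask limits named users, the owning group and named groups but not the owner or other. The function name `audit_acl_spec` and the sample spec are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): dry-run review of a
# setfacl ACL spec. Pure text processing; nothing is applied to any file.

# audit_acl_spec SPEC
# For every entry the mask can limit (named users, owning group, named
# groups) print: scope kind name requested effective
audit_acl_spec() {
    printf '%s\n' "$1" | awk -F, '
    # AND an rwx string with the mask, position by position
    function eff(p, m,    i, c, o) {
        o = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            o = o ((c != "-" && c == substr(m, i, 1)) ? c : "-")
        }
        return o
    }
    # Strip a leading "d:" and report which ACL the entry belongs to
    function scope_of(i) {
        e = $i
        if (sub(/^d:/, "", e)) return "default"
        return "access"
    }
    {
        # Pass 1: record the access mask and the default mask
        for (i = 1; i <= NF; i++) {
            s = scope_of(i); n = split(e, f, ":")
            if (f[1] == "m") mask[s] = f[n]
        }
        # Pass 2: owner (u::) and other (o:) bypass the mask, skip them
        for (i = 1; i <= NF; i++) {
            s = scope_of(i); n = split(e, f, ":")
            if (n != 3 || f[1] == "m" || f[1] == "o") continue
            if (f[1] == "u" && f[2] == "") continue
            name = (f[2] == "") ? "(owning-group)" : f[2]
            # Assumption: with no mask entry in the spec, nothing is limited
            m = (s in mask) ? mask[s] : f[3]
            print s, f[1], name, f[3], eff(f[3], m)
        }
    }'
}

# Constructed spec: the appDir mask (m:r-x) combined with a named-user rwx entry
audit_acl_spec 'u::rwx,g::r-x,o:---,m:r-x,u:targetUser:rwx'
```

In the output, a line whose last two columns differ marks an entry that the mask cuts down, so a `w` that appears in the requested column but not in the effective column is not actually granted.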