Oh, so the question is how do you make it so the permissions are correct when a user creates a new file... that is a umask question.
In this case, the umask value would be 0066. Files usually aren't created with the execute bit set, and this unsets r-w for group and public. You can test it yourself:
Code:
umask 0066
touch test.file
la test.file
You should see permissions rw------- for test.file.
Now, the question is whether this umask is appropriate for these users throughout the system, or if it's something they should only have within this specific directory. If the former, you can set the umask through their profiles, problem solved.