In your first post, you said that you can set the umask to 002. Have you tried that? I'm pretty sure that even using scp actually "logs in" the user enough so that the shell environment is set up and things like the umask set in .profile or whatever for their shell is sourced and does work. At least it does seem to in my experience.