Let's assume I am running my program as "user2", which is a member of "group1". If I write to a temporary file and then move it, the owner of the file will have changed to "user2". Only root can change the owner of a file, so I'm stuck.

So you're saying that at the very point where user2 has just written a brand new version of the file, the original ownership and permissions should be in effect immediately, and user2 should be barred from having read access to the data that he just wrote himself? This seems a bit odd.

I can imagine situations where it's important to make sure that user1 maintains ownership of a given file. And since you obviously have a technique that allows user2 to assume ownership, one possibility would be to make sure that user1 applies the same technique at some later time in order to take back ownership.

In effect, the last person to write the file is the current owner. When user1 needs to own the file, he just has to write his own copy (using the standard atomic technique).

If user2 is running a program that produces output that user2 is never supposed to see with his own eyes, then you have the wrong design. The data to be written by (but hidden from) user2 must be passed to a daemon process that is being run by user1 -- you need IPC to handle this sort of ownership issue.