In case someone runs across this thread because they have a similar situation, here was my solution. I am a volunteer webmaster who’s learning by doing. I’m not a programmer, I rarely edit PHP files (only with very specific instructions) and I don’t maintain the server we’re on.
Editing file permissions and assigning values was really beyond my depth. My problem was solved by the Omni Secure Files plugin. Whatever files (PDF, DOC, JPEG, etc.) I don’t want non-members to access get uploaded through this plugin. When I want to add the file as an element or link on a page, I use the special url created for the file by the plugin.
Yay me!