Need a precise user/permission model for running an nginx server
I'm using DigitalOcean to play around with setting up my own server. The
configuration is Ubuntu 13.04 64 Bit.
I've successfully installed nginx, mysql (and other stuff needed to run my
test Django app). However, I'm having trouble deciding how to set up
users.
I have root by default. However, it was recommended that I create a
separate user with sudo privileges, so that I can run with lower
privileges while escalating only when required. Let's call this user
"normal" (group "normal").
Then, I also heard the advice of creating a new user for the server
(apparently one who doesn't have sudo privileges). This will be the user that
nginx workers will use, and the user who will own the directory that
stores my web applications. Let's call this user "nginx" (group "nginx").
Now, I've installed vsftpd to upload my app files. For me to upload to a
directory owned by nginx, I'll need to log in as nginx via FTP. This is
also true when the "normal" user needs to access the webroot owned by the
"nginx" user.
This creates a somewhat lengthy cycle of work when I have to manipulate my
webroot files while at the same time installing system-level components
(which can be common dependencies for many Django components).
My question is: is this the right way to set up user permissions? Can
you point me towards a better way? Finally, is it unsafe for a user with
sudo privileges to own the webroot?