Forum OpenACS Q&A: Re: inittab aolserver restart problem

Posted by Tom Jackson on

There is nothing special about the 'nobody' user. Just create a user for your instance of aolserver. If you want the group to be 'web' then the user you create should have this as the main group. On Linux:

# groupadd web
# useradd -g web -G anyOtherGroup username

My opinion is that you should start the webserver as root, with -u set to the username. Right now the -g switch doesn't work. I have a patch which allows you to choose another group, assuming the user is a member of that group, but stock aolserver doesn't do it yet. Also, if possible, set the nsd.tcl file as readable only by root. This way, no one can read that file, which has database passwords. Probably this doesn't really matter for postgresql. Comments anyone on this?

If the webserver complains 'permission denied', that is easy enough to solve by correcting the permissions. Log files should probably be owned by the running user. You may choose to use the group permission, but not sure why you would choose that. At most group needs to read the logs, although you could deny that as well. The main use of the group is if you use daemontools svc to restart. Then, when permissions are set up, any member of the group can restart the process. Since you are not using daemontools, you probably don't need to worry about the group.

One issue I see with using the 'nobody' user is that it is probably set up as a no-login type account. This can make it difficult to try things as a particular user, such as logging in to the database.
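
The permission layout suggested in the post above, as a check script. This is an added example, not part of the original post or of AOLserver; the function names and the paths in the usage comment are hypothetical, and GNU stat on Linux is assumed.

```shell
#!/bin/sh
# Added example. Paths in the usage comment are hypothetical; GNU stat is assumed.

# conf_is_private FILE UID
# Succeeds only if FILE is owned by UID and grants nothing to group or others,
# which is what "readable only by root" means for nsd.tcl when UID is 0.
conf_is_private() {
    file=$1 want_uid=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    set -- $(stat -c '%u %a' "$file")      # numeric owner, octal mode
    file_uid=$1 mode=$2
    if [ "$file_uid" != "$want_uid" ]; then
        echo "$file: owned by uid $file_uid, expected $want_uid" >&2
        return 1
    fi
    case $mode in
        *00|0) return 0 ;;                 # e.g. 600 or 400: owner only
        *) echo "$file: mode $mode lets group/other in" >&2; return 1 ;;
    esac
}

# logs_owned_by DIR UID
# Succeeds only if DIR and everything under it belong to UID (the account
# given to -u) and nothing there is world-writable.
logs_owned_by() {
    dir=$1 want_uid=$2
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    bad=$(find "$dir" \( ! -user "$want_uid" -o \( ! -type l -perm -002 \) \) -print)
    if [ -n "$bad" ]; then
        echo "wrong owner or world-writable:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Usage (hypothetical paths and account name):
#   conf_is_private /usr/local/aolserver/nsd.tcl 0
#   logs_owned_by   /usr/local/aolserver/log "$(id -u username)"
```

Both functions print the offending path to stderr and return non-zero, so they can gate a startup script before nsd is launched.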