Nginx – Correct web user for PHP-FPM under Nginx

Tags: nginx, owner, php-fpm

I've always been accustomed to running PHP under Nginx as the www-data user, for everything: php service, cron, CLI, etc. Recently though, after reading up on firstly this article and then this article, I'd like to know how necessary it is to run these services using a different user? This is for a single Magento 2 application on the server.

Is it sufficient to create a new user:

adduser magento2user
passwd magento2user

usermod -a -G www-data magento2user

Then in php /usr/local/etc/php-fpm.d/www.conf:

[www]
user = magento2user
group = magento2user
...
listen.owner = www-data
listen.group = www-data

And then finally:

chown -R magento2user:www-data /var/www/html

My confusion is coming from this on the Magento 2 DevDocs:

We recommend two users if you run your own Magento server: one to transfer files and run command-line utilities, and a separate user for the web server software. When possible, this is preferable because it’s more secure.

Instead, you have separate users:

• The web server user, which runs the Magento Admin (including Setup Wizard) and storefront.

• A command-line user, which is a local user account you can use to log in to the server. This user runs Magento cron jobs and command-line utilities.

So by this, should PHP-FPM be run as www-data, but the files be owned by magento2user who belongs to the www-data group?


EDIT after Simon Greenwood's answer below

If I run ps aux | grep nginx | grep -v grep I get the following output:

1 www-data   0:00 nginx: master process nginx -g daemon off;
7 www-data   0:00 nginx: worker process

… so I don't think I need an entry in /etc/nginx/nginx.conf that reads user www-data

Best Answer

I would tend to recommend running nginx as the system user, so www-data in your case, and php-fpm as a non-privileged user, which can be the same as the shell user. You don't have to have your non-privileged user in the www-data group as nginx passes requests to php-fpm for execution. The setup suggested by the Magento docs assumes Apache and mod_php, which would require the permissions setup as described above.
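An added check script (not from the question or the answer) that tests the two points in the answer against a php-fpm pool file and the live socket: the pool user differs from the nginx user, and the socket's listen.owner/listen.group still let the www-data workers connect. It assumes GNU stat (Linux) and php-fpm's default listen.mode of 0660; the socket path in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: sanity-check the user split recommended above.
# 1. the php-fpm pool must NOT run as the nginx user (www-data here), and
# 2. the pool's listen socket must be owned or group-owned by the nginx user,
#    since with php-fpm's default listen.mode 0660 that is what lets the
#    nginx workers connect. Assumes GNU stat (Linux).

# Print the value of key $2 from pool config $1 (first match, ini style,
# trailing ";" comments dropped). Empty output means the key is unset.
pool_setting() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # "listen.owner": literal dot
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p" "$1" | head -n 1
}

# Return 0 when pool config $1 runs php-fpm as someone other than nginx user $2
# and still leaves the socket reachable by $2; 1 otherwise.
check_pool() {
    fpm_user=$(pool_setting "$1" user)
    sock_owner=$(pool_setting "$1" listen.owner)
    sock_group=$(pool_setting "$1" listen.group)
    [ -n "$fpm_user" ] && [ "$fpm_user" != "$2" ] || return 1
    [ "$sock_owner" = "$2" ] || [ "$sock_group" = "$2" ] || return 1
}

# Return 0 if user $2 with groups $3 (space separated) has rw on path $1,
# judged from its owner, group and mode; 2 if the path cannot be stat'ed.
# Live use (placeholder path): path_rw_for /run/php-fpm.sock www-data www-data
path_rw_for() {
    info=$(stat -c '%U %G %a' "$1") || return 2
    user=$2; groups=$3
    set -- $info                                  # owner group mode
    perms=$(printf '%04d' "$3" | tail -c 3)       # drop setuid/setgid/sticky digit
    if [ "$1" = "$user" ]; then
        bits=$(printf '%s' "$perms" | cut -c1)
    else
        bits=$(printf '%s' "$perms" | cut -c3)
        for g in $groups; do
            [ "$g" = "$2" ] && bits=$(printf '%s' "$perms" | cut -c2) && break
        done
    fi
    case $bits in 6|7) return 0 ;; *) return 1 ;; esac
}
```

Run `check_pool /usr/local/etc/php-fpm.d/www.conf www-data` after editing the pool, then `path_rw_for` on the socket path from its `listen =` line once php-fpm has restarted.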