User id's - best practice - apache2 + mongrel_cluster + capi

I am looking for a best practice as far as setting up a deployment
user goes.

I have 3 boxes - development, svn, production and have setup a common
deployment user for all 3 boxes (same user). I’m using ssh key access
to hit the 2 boxes from my development box. I have successfully
deployed to production via capistrano v2 (1.99) using deploy via svn
export; on my production box, i’m running apache2.2 with user/group
set to www and have mongrel_cluster working ok - except
mongrel_cluster is currently running as root. In order to get cap to
deploy properly, i had to make deployment account an administrator
(deploying to mac osx) … have read zed’s mongrel short cut plus the
cap short cut plus googled everything … and i’m looking for a best
practice on setting up the deployment user … right now ps axj shows
my mongrel processes running as root; my httpd running as www …
what’s the best (security-wise) setup for these users and permissions
on the directories …

Any pointers or links would be appreciated.