Should the 'nobody' user on my headless Ubuntu server have shell access?

The nobody user shouldn't need a shell but you could find that changing it may break something on Ubuntu. You can always give it a shot by changing it to nologin and see if anything breaks. There may be other system users that should not have a shell as well, see Your Distro is Insecure: Ubuntu. The main reason that nobody shouldn't have a shell is that a lot of externally facing programs like httpd run as nobody and it provides a foothold into your system if someone can compromise the account. Having it set to nologin puts up another hurdle to jump although it probably isn't much of a hurdle.