Here are the permissions I've used for Grails apps deployed to Tomcat running the Java security manager.
(read more)The default generated error.gsp view in Grails displays the stacktrace for any exceptions that occur. That's nice for debugging in a development environment but it is a security issue for production as it is information leakage. We can easily turn this off when not in development, and do something useful like redirect to the application homepage.
(read more)