Many academic environments offer guest accounts to short-term visitors, collaborators, and alumni. Because these users are potentially numerous, are not always accessible, and have no direct interest in maintaining the security of our information, they are typically not trusted. We place their accounts on an expendable machine outside the firewall. These users are warned not to store critical information in these courtesy accounts. This policy does not pose any significant problems for guest users, however, because they typically only require the guest account for accessing their normal machine remotely or for receiving electronic mail.
Expendable machines can also benefit trusted group members in a similar way. An expendable machine with a shadow copy of the internal /etc/passwd file can serve as an emergency access point for users who are otherwise unable to access protected resources from outside the firewall (see Section 5). While the expendable machine does not provide users with access to protected resources, it can still provide basic electronic mail, news, FTP, and web access to our users. Furthermore, exporting user passwords onto an expendable machine does not introduce any additional security risks because user passwords are insufficient for gaining access to protected hosts from outside the firewall.