Blob Blame History Raw
diff -up shadow-4.6/lib/commonio.c.libsubid_not_print_error_messages shadow-4.6/lib/commonio.c
--- shadow-4.6/lib/commonio.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.668172672 +0100
+++ shadow-4.6/lib/commonio.c	2021-11-03 09:28:20.444277611 +0100
@@ -147,7 +147,7 @@ static int do_lock_file (const char *fil
 	fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
 	if (-1 == fd) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
 			                Prog, file, strerror (errno));
 		}
@@ -159,7 +159,7 @@ static int do_lock_file (const char *fil
 	len = (ssize_t) strlen (buf) + 1;
 	if (write (fd, buf, (size_t) len) != len) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
 			                Prog, file, strerror (errno));
 		}
@@ -172,7 +172,7 @@ static int do_lock_file (const char *fil
 	if (link (file, lock) == 0) {
 		retval = check_link_count (file);
 		if ((0==retval) && log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used\n",
 			                Prog, file);
 		}
@@ -183,7 +183,7 @@ static int do_lock_file (const char *fil
 	fd = open (lock, O_RDWR);
 	if (-1 == fd) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
 			                Prog, lock, strerror (errno));
 		}
@@ -195,7 +195,7 @@ static int do_lock_file (const char *fil
 	close (fd);
 	if (len <= 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s without a PID\n",
 			                Prog, lock);
 		}
@@ -206,7 +206,7 @@ static int do_lock_file (const char *fil
 	buf[len] = '\0';
 	if (get_pid (buf, &pid) == 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s with an invalid PID '%s'\n",
 			                Prog, lock, buf);
 		}
@@ -216,7 +216,7 @@ static int do_lock_file (const char *fil
 	}
 	if (kill (pid, 0) == 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: lock %s already used by PID %lu\n",
 			                Prog, lock, (unsigned long) pid);
 		}
@@ -226,7 +226,7 @@ static int do_lock_file (const char *fil
 	}
 	if (unlink (lock) != 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: cannot get lock %s: %s\n",
 			                Prog, lock, strerror (errno));
 		}
@@ -238,13 +238,13 @@ static int do_lock_file (const char *fil
 	if (link (file, lock) == 0) {
 		retval = check_link_count (file);
 		if ((0==retval) && log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used\n",
 			                Prog, file);
 		}
 	} else {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: cannot get lock %s: %s\n",
 			                Prog, lock, strerror (errno));
 		}
@@ -435,7 +435,7 @@ int commonio_lock (struct commonio_db *d
 		if (0 == lock_count) {
 			if (lckpwdf () == -1) {
 				if (geteuid () != 0) {
-					(void) fprintf (stderr,
+					(void) fprintf (shadow_logfd,
 					                "%s: Permission denied.\n",
 					                Prog);
 				}
@@ -471,7 +471,7 @@ int commonio_lock (struct commonio_db *d
 		}
 		/* no unnecessary retries on "permission denied" errors */
 		if (geteuid () != 0) {
-			(void) fprintf (stderr, "%s: Permission denied.\n",
+			(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
 			                Prog);
 			return 0;
 		}
@@ -1101,7 +1101,7 @@ int commonio_update (struct commonio_db
 	p = find_entry_by_name (db, db->ops->getname (eptr));
 	if (NULL != p) {
 		if (next_entry_by_name (db, p->next, db->ops->getname (eptr)) != NULL) {
-			fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
+			fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
 			db->ops->free (nentry);
 			return 0;
 		}
@@ -1206,7 +1206,7 @@ int commonio_remove (struct commonio_db
 		return 0;
 	}
 	if (next_entry_by_name (db, p->next, name) != NULL) {
-		fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
+		fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
 		return 0;
 	}
 
diff -up shadow-4.6/lib/encrypt.c.libsubid_not_print_error_messages shadow-4.6/lib/encrypt.c
--- shadow-4.6/lib/encrypt.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/encrypt.c	2021-11-03 09:24:05.681172775 +0100
@@ -78,7 +78,7 @@
 				method = &nummethod[0];
 			}
 		}
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 		                _("crypt method not supported by libcrypt? (%s)\n"),
 		                method);
 		exit (EXIT_FAILURE);
diff -up shadow-4.6/lib/getdef.c.libsubid_not_print_error_messages shadow-4.6/lib/getdef.c
--- shadow-4.6/lib/getdef.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.670172687 +0100
+++ shadow-4.6/lib/getdef.c	2021-11-03 09:24:05.681172775 +0100
@@ -233,7 +233,7 @@ int getdef_num (const char *item, int df
 	if (   (getlong (d->value, &val) == 0)
 	    || (val > INT_MAX)
 	    || (val < INT_MIN)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -268,7 +268,7 @@ unsigned int getdef_unum (const char *it
 	if (   (getlong (d->value, &val) == 0)
 	    || (val < 0)
 	    || (val > INT_MAX)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -301,7 +301,7 @@ long getdef_long (const char *item, long
 	}
 
 	if (getlong (d->value, &val) == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -334,7 +334,7 @@ unsigned long getdef_ulong (const char *
 
 	if (getulong (d->value, &val) == 0) {
 		/* FIXME: we should have a getulong */
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -372,7 +372,7 @@ int putdef_str (const char *name, const
 	cp = strdup (value);
 	if (NULL == cp) {
 		(void) fputs (_("Could not allocate space for config info.\n"),
-		              stderr);
+		              shadow_logfd);
 		SYSLOG ((LOG_ERR, "could not allocate space for config info"));
 		return -1;
 	}
@@ -417,7 +417,7 @@ static /*@observer@*/ /*@null@*/struct i
 			goto out;
 		}
 	}
-	fprintf (stderr,
+	fprintf (shadow_logfd,
 	         _("configuration error - unknown item '%s' (notify administrator)\n"),
 	         name);
 	SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
diff -up shadow-4.6/libmisc/addgrps.c.libsubid_not_print_error_messages shadow-4.6/libmisc/addgrps.c
--- shadow-4.6/libmisc/addgrps.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/addgrps.c	2021-11-03 09:24:05.681172775 +0100
@@ -93,7 +93,7 @@ int add_groups (const char *list)
 
 		grp = getgrnam (token); /* local, no need for xgetgrnam */
 		if (NULL == grp) {
-			fprintf (stderr, _("Warning: unknown group %s\n"),
+			fprintf (shadow_logfd, _("Warning: unknown group %s\n"),
 				 token);
 			continue;
 		}
@@ -105,7 +105,7 @@ int add_groups (const char *list)
 		}
 
 		if (ngroups >= sysconf (_SC_NGROUPS_MAX)) {
-			fputs (_("Warning: too many groups\n"), stderr);
+			fputs (_("Warning: too many groups\n"), shadow_logfd);
 			break;
 		}
 		tmp = (gid_t *) realloc (grouplist, (size_t)(ngroups + 1) * sizeof (GETGROUPS_T));
diff -up shadow-4.6/libmisc/audit_help.c.libsubid_not_print_error_messages shadow-4.6/libmisc/audit_help.c
--- shadow-4.6/libmisc/audit_help.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.649172520 +0100
+++ shadow-4.6/libmisc/audit_help.c	2021-11-03 09:24:05.681172775 +0100
@@ -59,7 +59,7 @@ void audit_help_open (void)
 			return;
 		}
 		(void) fputs (_("Cannot open audit interface - aborting.\n"),
-		              stderr);
+		              shadow_logfd);
 		exit (EXIT_FAILURE);
 	}
 }
diff -up shadow-4.6/libmisc/chowntty.c.libsubid_not_print_error_messages shadow-4.6/libmisc/chowntty.c
--- shadow-4.6/libmisc/chowntty.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/chowntty.c	2021-11-03 09:24:05.681172775 +0100
@@ -75,7 +75,7 @@ void chown_tty (const struct passwd *inf
 	    || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) {
 		int err = errno;
 
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Unable to change owner or mode of tty stdin: %s"),
 		         strerror (err));
 		SYSLOG ((LOG_WARN,
diff -up shadow-4.6/libmisc/cleanup_group.c.libsubid_not_print_error_messages shadow-4.6/libmisc/cleanup_group.c
--- shadow-4.6/libmisc/cleanup_group.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.649172520 +0100
+++ shadow-4.6/libmisc/cleanup_group.c	2021-11-03 09:24:05.681172775 +0100
@@ -203,7 +203,7 @@ void cleanup_report_del_group_gshadow (v
 void cleanup_unlock_group (unused void *arg)
 {
 	if (gr_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, gr_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
@@ -223,7 +223,7 @@ void cleanup_unlock_group (unused void *
 void cleanup_unlock_gshadow (unused void *arg)
 {
 	if (sgr_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, sgr_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
diff -up shadow-4.6/libmisc/cleanup_user.c.libsubid_not_print_error_messages shadow-4.6/libmisc/cleanup_user.c
--- shadow-4.6/libmisc/cleanup_user.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.649172520 +0100
+++ shadow-4.6/libmisc/cleanup_user.c	2021-11-03 09:24:05.682172783 +0100
@@ -120,7 +120,7 @@ void cleanup_report_add_user_shadow (voi
 void cleanup_unlock_passwd (unused void *arg)
 {
 	if (pw_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, pw_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
@@ -139,7 +139,7 @@ void cleanup_unlock_passwd (unused void
 void cleanup_unlock_shadow (unused void *arg)
 {
 	if (spw_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, spw_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
diff -up shadow-4.6/libmisc/copydir.c.libsubid_not_print_error_messages shadow-4.6/libmisc/copydir.c
--- shadow-4.6/libmisc/copydir.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.642172465 +0100
+++ shadow-4.6/libmisc/copydir.c	2021-11-03 09:24:05.682172783 +0100
@@ -125,11 +125,11 @@ static void error_acl (struct error_cont
 	}
 
 	va_start (ap, fmt);
-	(void) fprintf (stderr, _("%s: "), Prog);
-	if (vfprintf (stderr, fmt, ap) != 0) {
-		(void) fputs (_(": "), stderr);
+	(void) fprintf (shadow_logfd, _("%s: "), Prog);
+	if (vfprintf (shadow_logfd, fmt, ap) != 0) {
+		(void) fputs (_(": "), shadow_logfd);
 	}
-	(void) fprintf (stderr, "%s\n", strerror (errno));
+	(void) fprintf (shadow_logfd, "%s\n", strerror (errno));
 	va_end (ap);
 }
 
@@ -248,7 +248,7 @@ int copy_tree (const char *src_root, con
 		}
 
 		if (!S_ISDIR (sb.st_mode)) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         "%s: %s is not a directory",
 			         Prog, src_root);
 			return -1;
diff -up shadow-4.6/libmisc/env.c.libsubid_not_print_error_messages shadow-4.6/libmisc/env.c
--- shadow-4.6/libmisc/env.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/env.c	2021-11-03 09:24:05.682172783 +0100
@@ -171,7 +171,7 @@ void addenv (const char *string, /*@null
 			}
 			newenvp = __newenvp;
 		} else {
-			(void) fputs (_("Environment overflow\n"), stderr);
+			(void) fputs (_("Environment overflow\n"), shadow_logfd);
 			newenvc--;
 			free (newenvp[newenvc]);
 		}
diff -up shadow-4.6/libmisc/find_new_gid.c.libsubid_not_print_error_messages shadow-4.6/libmisc/find_new_gid.c
--- shadow-4.6/libmisc/find_new_gid.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.665172648 +0100
+++ shadow-4.6/libmisc/find_new_gid.c	2021-11-03 09:24:05.682172783 +0100
@@ -74,7 +74,7 @@ static int get_ranges (bool sys_group, g
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
                             _("%s: Invalid configuration: SYS_GID_MIN (%lu), "
                               "GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
                             Prog, (unsigned long) *min_id,
@@ -104,7 +104,7 @@ static int get_ranges (bool sys_group, g
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 					_("%s: Invalid configuration: GID_MIN (%lu), "
 					  "GID_MAX (%lu)\n"),
 					Prog, (unsigned long) *min_id,
@@ -220,7 +220,7 @@ int find_new_gid (bool sys_group,
 			 * more likely to want to stop and address the
 			 * issue.
 			 */
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 				_("%s: Encountered error attempting to use "
 				  "preferred GID: %s\n"),
 				Prog, strerror (result));
@@ -250,7 +250,7 @@ int find_new_gid (bool sys_group,
 	/* Create an array to hold all of the discovered GIDs */
 	used_gids = malloc (sizeof (bool) * (gid_max +1));
 	if (NULL == used_gids) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("%s: failed to allocate memory: %s\n"),
 			 Prog, strerror (errno));
 		return -1;
@@ -330,7 +330,7 @@ int find_new_gid (bool sys_group,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique system GID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -373,7 +373,7 @@ int find_new_gid (bool sys_group,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique system GID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -433,7 +433,7 @@ int find_new_gid (bool sys_group,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique GID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -476,7 +476,7 @@ int find_new_gid (bool sys_group,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique GID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -495,7 +495,7 @@ int find_new_gid (bool sys_group,
 	}
 
 	/* The code reached here and found no available IDs in the range */
-	fprintf (stderr,
+	fprintf (shadow_logfd,
 		_("%s: Can't get unique GID (no more available GIDs)\n"),
 		Prog);
 	SYSLOG ((LOG_WARN, "no more available GIDs on the system"));
diff -up shadow-4.6/libmisc/find_new_sub_gids.c.libsubid_not_print_error_messages shadow-4.6/libmisc/find_new_sub_gids.c
--- shadow-4.6/libmisc/find_new_sub_gids.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/find_new_sub_gids.c	2021-11-03 09:24:05.682172783 +0100
@@ -61,7 +61,7 @@ int find_new_sub_gids (const char *owner
 	count = getdef_ulong ("SUB_GID_COUNT", 65536);
 
 	if (min > max || count >= max || (min + count - 1) > max) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 				_("%s: Invalid configuration: SUB_GID_MIN (%lu),"
 				  " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"),
 			Prog, min, max, count);
@@ -70,7 +70,7 @@ int find_new_sub_gids (const char *owner
 
 	start = sub_gid_find_free_range(min, max, count);
 	if (start == (gid_t)-1) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Can't get unique subordinate GID range\n"),
 		         Prog);
 		SYSLOG ((LOG_WARN, "no more available subordinate GIDs on the system"));
diff -up shadow-4.6/libmisc/find_new_sub_uids.c.libsubid_not_print_error_messages shadow-4.6/libmisc/find_new_sub_uids.c
--- shadow-4.6/libmisc/find_new_sub_uids.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/find_new_sub_uids.c	2021-11-03 09:24:05.682172783 +0100
@@ -61,7 +61,7 @@ int find_new_sub_uids (const char *owner
 	count = getdef_ulong ("SUB_UID_COUNT", 65536);
 
 	if (min > max || count >= max || (min + count - 1) > max) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 				_("%s: Invalid configuration: SUB_UID_MIN (%lu),"
 				  " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"),
 			Prog, min, max, count);
@@ -70,7 +70,7 @@ int find_new_sub_uids (const char *owner
 
 	start = sub_uid_find_free_range(min, max, count);
 	if (start == (uid_t)-1) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Can't get unique subordinate UID range\n"),
 		         Prog);
 		SYSLOG ((LOG_WARN, "no more available subordinate UIDs on the system"));
diff -up shadow-4.6/libmisc/find_new_uid.c.libsubid_not_print_error_messages shadow-4.6/libmisc/find_new_uid.c
--- shadow-4.6/libmisc/find_new_uid.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.665172648 +0100
+++ shadow-4.6/libmisc/find_new_uid.c	2021-11-03 09:24:05.682172783 +0100
@@ -74,7 +74,7 @@ static int get_ranges (bool sys_user, ui
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
                             _("%s: Invalid configuration: SYS_UID_MIN (%lu), "
                               "UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
                             Prog, (unsigned long) *min_id,
@@ -104,7 +104,7 @@ static int get_ranges (bool sys_user, ui
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 					_("%s: Invalid configuration: UID_MIN (%lu), "
 					  "UID_MAX (%lu)\n"),
 					Prog, (unsigned long) *min_id,
@@ -220,7 +220,7 @@ int find_new_uid(bool sys_user,
 			 * more likely to want to stop and address the
 			 * issue.
 			 */
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 				_("%s: Encountered error attempting to use "
 				  "preferred UID: %s\n"),
 				Prog, strerror (result));
@@ -250,7 +250,7 @@ int find_new_uid(bool sys_user,
 	/* Create an array to hold all of the discovered UIDs */
 	used_uids = malloc (sizeof (bool) * (uid_max +1));
 	if (NULL == used_uids) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("%s: failed to allocate memory: %s\n"),
 			 Prog, strerror (errno));
 		return -1;
@@ -330,7 +330,7 @@ int find_new_uid(bool sys_user,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique system UID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -373,7 +373,7 @@ int find_new_uid(bool sys_user,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique system UID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -433,7 +433,7 @@ int find_new_uid(bool sys_user,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique UID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -476,7 +476,7 @@ int find_new_uid(bool sys_user,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique UID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -495,7 +495,7 @@ int find_new_uid(bool sys_user,
 	}
 
 	/* The code reached here and found no available IDs in the range */
-	fprintf (stderr,
+	fprintf (shadow_logfd,
 		_("%s: Can't get unique UID (no more available UIDs)\n"),
 		Prog);
 	SYSLOG ((LOG_WARN, "no more available UIDs on the system"));
diff -up shadow-4.6/libmisc/gettime.c.libsubid_not_print_error_messages shadow-4.6/libmisc/gettime.c
--- shadow-4.6/libmisc/gettime.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/gettime.c	2021-11-03 09:24:05.682172783 +0100
@@ -61,23 +61,23 @@
 	epoch = strtoull (source_date_epoch, &endptr, 10);
 	if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
 			|| (errno != 0 && epoch == 0)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
 			 strerror(errno));
 	} else if (endptr == source_date_epoch) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n"),
 			 endptr);
 	} else if (*endptr != '\0') {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n"),
 			 endptr);
 	} else if (epoch > ULONG_MAX) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu\n"),
 			 ULONG_MAX, epoch);
 	} else if (epoch > fallback) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to the current time (%lu) but was found to be: %llu\n"),
 			 fallback, epoch);
 	} else {
diff -up shadow-4.6/libmisc/idmapping.c.libsubid_not_print_error_messages shadow-4.6/libmisc/idmapping.c
--- shadow-4.6/libmisc/idmapping.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/idmapping.c	2021-11-03 09:24:05.682172783 +0100
@@ -43,19 +43,19 @@ struct map_range *get_map_ranges(int ran
 	int idx, argidx;
 
 	if (ranges < 0 || argc < 0) {
-		fprintf(stderr, "%s: error calculating number of arguments\n", Prog);
+		fprintf(shadow_logfd, "%s: error calculating number of arguments\n", Prog);
 		return NULL;
 	}
 
 	if (ranges != ((argc + 2) / 3)) {
-		fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
+		fprintf(shadow_logfd, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
 		return NULL;
 	}
 
 	if ((ranges * 3) > argc) {
-		fprintf(stderr, "ranges: %u argc: %d\n",
+		fprintf(shadow_logfd, "ranges: %u argc: %d\n",
 			ranges, argc);
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 			_( "%s: Not enough arguments to form %u mappings\n"),
 			Prog, ranges);
 		return NULL;
@@ -63,7 +63,7 @@ struct map_range *get_map_ranges(int ran
 
 	mappings = calloc(ranges, sizeof(*mappings));
 	if (!mappings) {
-		fprintf(stderr, _( "%s: Memory allocation failure\n"),
+		fprintf(shadow_logfd, _( "%s: Memory allocation failure\n"),
 			Prog);
 		exit(EXIT_FAILURE);
 	}
@@ -84,24 +84,24 @@ struct map_range *get_map_ranges(int ran
 			return NULL;
 		}
 		if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		if (mapping->upper > UINT_MAX ||
 			mapping->lower > UINT_MAX ||
 			mapping->count > UINT_MAX)  {
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		if (mapping->lower + mapping->count > UINT_MAX ||
 				mapping->upper + mapping->count > UINT_MAX) {
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		if (mapping->lower + mapping->count < mapping->lower ||
 				mapping->upper + mapping->count < mapping->upper) {
 			/* this one really shouldn't be possible given previous checks */
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 	}
@@ -142,7 +142,7 @@ void write_mapping(int proc_dir_fd, int
 			mapping->lower,
 			mapping->count);
 		if ((written <= 0) || (written >= (bufsize - (pos - buf)))) {
-			fprintf(stderr, _("%s: snprintf failed!\n"), Prog);
+			fprintf(shadow_logfd, _("%s: snprintf failed!\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		pos += written;
@@ -151,12 +151,12 @@ void write_mapping(int proc_dir_fd, int
 	/* Write the mapping to the mapping file */
 	fd = openat(proc_dir_fd, map_file, O_WRONLY);
 	if (fd < 0) {
-		fprintf(stderr, _("%s: open of %s failed: %s\n"),
+		fprintf(shadow_logfd, _("%s: open of %s failed: %s\n"),
 			Prog, map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
 	if (write(fd, buf, pos - buf) != (pos - buf)) {
-		fprintf(stderr, _("%s: write to %s failed: %s\n"),
+		fprintf(shadow_logfd, _("%s: write to %s failed: %s\n"),
 			Prog, map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
diff -up shadow-4.6/libmisc/limits.c.libsubid_not_print_error_messages shadow-4.6/libmisc/limits.c
--- shadow-4.6/libmisc/limits.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/limits.c	2021-11-03 09:24:05.682172783 +0100
@@ -548,7 +548,7 @@ void setup_limits (const struct passwd *
 #ifdef LIMITS
 		if (info->pw_uid != 0) {
 			if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
-				(void) fputs (_("Too many logins.\n"), stderr);
+				(void) fputs (_("Too many logins.\n"), shadow_logfd);
 				(void) sleep (2); /* XXX: Should be FAIL_DELAY */
 				exit (EXIT_FAILURE);
 			}
diff -up shadow-4.6/libmisc/pam_pass.c.libsubid_not_print_error_messages shadow-4.6/libmisc/pam_pass.c
--- shadow-4.6/libmisc/pam_pass.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/pam_pass.c	2021-11-03 09:24:05.682172783 +0100
@@ -59,20 +59,20 @@ void do_pam_passwd (const char *user, bo
 
 	ret = pam_start ("passwd", user, &conv, &pamh);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("passwd: pam_start() failed, error %d\n"), ret);
 		exit (10);	/* XXX */
 	}
 
 	ret = pam_chauthtok (pamh, flags);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr, _("passwd: %s\n"), pam_strerror (pamh, ret));
-		fputs (_("passwd: password unchanged\n"), stderr);
+		fprintf (shadow_logfd, _("passwd: %s\n"), pam_strerror (pamh, ret));
+		fputs (_("passwd: password unchanged\n"), shadow_logfd);
 		pam_end (pamh, ret);
 		exit (10);	/* XXX */
 	}
 
-	fputs (_("passwd: password updated successfully\n"), stderr);
+	fputs (_("passwd: password updated successfully\n"), shadow_logfd);
 	(void) pam_end (pamh, PAM_SUCCESS);
 }
 #else				/* !USE_PAM */
diff -up shadow-4.6/libmisc/pam_pass_non_interactive.c.libsubid_not_print_error_messages shadow-4.6/libmisc/pam_pass_non_interactive.c
--- shadow-4.6/libmisc/pam_pass_non_interactive.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/pam_pass_non_interactive.c	2021-11-03 09:24:05.683172791 +0100
@@ -76,7 +76,7 @@ static int ni_conv (int num_msg,
 
 		switch (msg[count]->msg_style) {
 		case PAM_PROMPT_ECHO_ON:
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: PAM modules requesting echoing are not supported.\n"),
 			         Prog);
 			goto failed_conversation;
@@ -88,7 +88,7 @@ static int ni_conv (int num_msg,
 			break;
 		case PAM_ERROR_MSG:
 			if (   (NULL == msg[count]->msg)
-			    || (fprintf (stderr, "%s\n", msg[count]->msg) <0)) {
+			    || (fprintf (shadow_logfd, "%s\n", msg[count]->msg) <0)) {
 				goto failed_conversation;
 			}
 			responses[count].resp = NULL;
@@ -101,7 +101,7 @@ static int ni_conv (int num_msg,
 			responses[count].resp = NULL;
 			break;
 		default:
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                _("%s: conversation type %d not supported.\n"),
 			                Prog, msg[count]->msg_style);
 			goto failed_conversation;
@@ -143,7 +143,7 @@ int do_pam_passwd_non_interactive (const
 
 	ret = pam_start (pam_service, username, &non_interactive_pam_conv, &pamh);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: (user %s) pam_start failure %d\n"),
 		         Prog, username, ret);
 		return 1;
@@ -152,7 +152,7 @@ int do_pam_passwd_non_interactive (const
 	non_interactive_password = password;
 	ret = pam_chauthtok (pamh, 0);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: (user %s) pam_chauthtok() failed, error:\n"
 		           "%s\n"),
 		         Prog, username, pam_strerror (pamh, ret));
diff -up shadow-4.6/libmisc/prefix_flag.c.libsubid_not_print_error_messages shadow-4.6/libmisc/prefix_flag.c
--- shadow-4.6/libmisc/prefix_flag.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.658172592 +0100
+++ shadow-4.6/libmisc/prefix_flag.c	2021-11-03 09:24:05.683172791 +0100
@@ -80,14 +80,14 @@ extern const char* process_prefix_flag (
 		if (   (strcmp (argv[i], "--prefix") == 0)
 		    || (strcmp (argv[i], short_opt) == 0)) {
 			if (NULL != prefix) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: multiple --prefix options\n"),
 				         Prog);
 				exit (E_BAD_ARG);
 			}
 
 			if (i + 1 == argc) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: option '%s' requires an argument\n"),
 				         Prog, argv[i]);
 				exit (E_BAD_ARG);
diff -up shadow-4.6/libmisc/pwdcheck.c.libsubid_not_print_error_messages shadow-4.6/libmisc/pwdcheck.c
--- shadow-4.6/libmisc/pwdcheck.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/pwdcheck.c	2021-11-03 09:24:05.683172791 +0100
@@ -51,7 +51,7 @@ void passwd_check (const char *user, con
 	if (pw_auth (passwd, user, PW_LOGIN, (char *) 0) != 0) {
 		SYSLOG ((LOG_WARN, "incorrect password for `%s'", user));
 		(void) sleep (1);
-		fprintf (stderr, _("Incorrect password for %s.\n"), user);
+		fprintf (shadow_logfd, _("Incorrect password for %s.\n"), user);
 		exit (EXIT_FAILURE);
 	}
 }
diff -up shadow-4.6/libmisc/root_flag.c.libsubid_not_print_error_messages shadow-4.6/libmisc/root_flag.c
--- shadow-4.6/libmisc/root_flag.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/root_flag.c	2021-11-03 09:24:05.683172791 +0100
@@ -62,14 +62,14 @@ extern void process_root_flag (const cha
 		if (   (strcmp (argv[i], "--root") == 0)
 		    || (strcmp (argv[i], short_opt) == 0)) {
 			if (NULL != newroot) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: multiple --root options\n"),
 				         Prog);
 				exit (E_BAD_ARG);
 			}
 
 			if (i + 1 == argc) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: option '%s' requires an argument\n"),
 				         Prog, argv[i]);
 				exit (E_BAD_ARG);
@@ -88,34 +88,34 @@ static void change_root (const char* new
 	/* Drop privileges */
 	if (   (setregid (getgid (), getgid ()) != 0)
 	    || (setreuid (getuid (), getuid ()) != 0)) {
-		fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
+		fprintf (shadow_logfd, _("%s: failed to drop privileges (%s)\n"),
 		         Prog, strerror (errno));
 		exit (EXIT_FAILURE);
 	}
 
 	if ('/' != newroot[0]) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: invalid chroot path '%s'\n"),
 		         Prog, newroot);
 		exit (E_BAD_ARG);
 	}
 
 	if (access (newroot, F_OK) != 0) {
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 		        _("%s: cannot access chroot directory %s: %s\n"),
 		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 
 	if (chdir (newroot) != 0) {
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 				_("%s: cannot chdir to chroot directory %s: %s\n"),
 				Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 
 	if (chroot (newroot) != 0) {
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 		        _("%s: unable to chroot to directory %s: %s\n"),
 		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
diff -up shadow-4.6/libmisc/salt.c.libsubid_not_print_error_messages shadow-4.6/libmisc/salt.c
--- shadow-4.6/libmisc/salt.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/salt.c	2021-11-03 09:24:05.683172791 +0100
@@ -241,7 +241,7 @@ static /*@observer@*/const char *gensalt
 		salt_len = (size_t) shadow_random (8, 16);
 #endif /* USE_SHA_CRYPT */
 	} else if (0 != strcmp (method, "DES")) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Invalid ENCRYPT_METHOD value: '%s'.\n"
 			   "Defaulting to DES.\n"),
 			 method);
diff -up shadow-4.6/libmisc/setupenv.c.libsubid_not_print_error_messages shadow-4.6/libmisc/setupenv.c
--- shadow-4.6/libmisc/setupenv.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/setupenv.c	2021-11-03 09:24:05.683172791 +0100
@@ -219,7 +219,7 @@ void setup_env (struct passwd *info)
 		static char temp_pw_dir[] = "/";
 
 		if (!getdef_bool ("DEFAULT_HOME") || chdir ("/") == -1) {
-			fprintf (stderr, _("Unable to cd to '%s'\n"),
+			fprintf (shadow_logfd, _("Unable to cd to '%s'\n"),
 				 info->pw_dir);
 			SYSLOG ((LOG_WARN,
 				 "unable to cd to `%s' for user `%s'\n",
diff -up shadow-4.6/libmisc/user_busy.c.libsubid_not_print_error_messages shadow-4.6/libmisc/user_busy.c
--- shadow-4.6/libmisc/user_busy.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.669172680 +0100
+++ shadow-4.6/libmisc/user_busy.c	2021-11-03 09:24:05.683172791 +0100
@@ -96,7 +96,7 @@ static int user_busy_utmp (const char *n
 			continue;
 		}
 
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: user %s is currently logged in\n"),
 		         Prog, name);
 		return 1;
@@ -249,7 +249,7 @@ static int user_busy_processes (const ch
 #ifdef ENABLE_SUBIDS
 			sub_uid_close();
 #endif
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: user %s is currently used by process %d\n"),
 			         Prog, name, pid);
 			return 1;
@@ -272,7 +272,7 @@ static int user_busy_processes (const ch
 #ifdef ENABLE_SUBIDS
 					sub_uid_close();
 #endif
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 					         _("%s: user %s is currently used by process %d\n"),
 					         Prog, name, pid);
 					return 1;
diff -up shadow-4.6/libmisc/xgetXXbyYY.c.libsubid_not_print_error_messages shadow-4.6/libmisc/xgetXXbyYY.c
--- shadow-4.6/libmisc/xgetXXbyYY.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/xgetXXbyYY.c	2021-11-03 09:24:05.683172791 +0100
@@ -74,7 +74,7 @@
 
 	result = malloc(sizeof(LOOKUP_TYPE));
 	if (NULL == result) {
-		fprintf (stderr, _("%s: out of memory\n"),
+		fprintf (shadow_logfd, _("%s: out of memory\n"),
 		         "x" STRINGIZE(FUNCTION_NAME));
 		exit (13);
 	}
@@ -84,7 +84,7 @@
 		LOOKUP_TYPE *resbuf = NULL;
 		buffer = (char *)realloc (buffer, length);
 		if (NULL == buffer) {
-			fprintf (stderr, _("%s: out of memory\n"),
+			fprintf (shadow_logfd, _("%s: out of memory\n"),
 			         "x" STRINGIZE(FUNCTION_NAME));
 			exit (13);
 		}
@@ -132,7 +132,7 @@
 	if (result) {
 		result = DUP_FUNCTION(result);
 		if (NULL == result) {
-			fprintf (stderr, _("%s: out of memory\n"),
+			fprintf (shadow_logfd, _("%s: out of memory\n"),
 			         "x" STRINGIZE(FUNCTION_NAME));
 			exit (13);
 		}
diff -up shadow-4.6/libmisc/xmalloc.c.libsubid_not_print_error_messages shadow-4.6/libmisc/xmalloc.c
--- shadow-4.6/libmisc/xmalloc.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/xmalloc.c	2021-11-03 09:24:05.683172791 +0100
@@ -54,7 +54,7 @@
 
 	ptr = (char *) malloc (size);
 	if (NULL == ptr) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 		                _("%s: failed to allocate memory: %s\n"),
 		                Prog, strerror (errno));
 		exit (13);
diff -up shadow-4.6/lib/nscd.c.libsubid_not_print_error_messages shadow-4.6/lib/nscd.c
--- shadow-4.6/lib/nscd.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/nscd.c	2021-11-03 09:24:05.683172791 +0100
@@ -25,13 +25,13 @@ int nscd_flush_cache (const char *servic
 
 	if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
 		/* run_command writes its own more detailed message. */
-		(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
 		return -1;
 	}
 
 	code = WEXITSTATUS (status);
 	if (!WIFEXITED (status)) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 		                _("%s: nscd did not terminate normally (signal %d)\n"),
 		                Prog, WTERMSIG (status));
 		return -1;
@@ -43,9 +43,9 @@ int nscd_flush_cache (const char *servic
 		/* nscd is installed, but it isn't active. */
 		return 0;
 	} else if (code != 0) {
-		(void) fprintf (stderr, _("%s: nscd exited with status %d\n"),
+		(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
 		                Prog, code);
-		(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
 		return -1;
 	}
 
diff -up shadow-4.6/lib/nss.c.libsubid_not_print_error_messages shadow-4.6/lib/nss.c
--- shadow-4.6/lib/nss.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/lib/nss.c	2021-11-03 09:24:05.683172791 +0100
@@ -56,7 +56,7 @@ void nss_init(char *nsswitch_path) {
 	//   subid:	files
 	nssfp = fopen(nsswitch_path, "r");
 	if (!nssfp) {
-		fprintf(stderr, "Failed opening %s: %m", nsswitch_path);
+		fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path);
 		atomic_store(&nss_init_completed, true);
 		return;
 	}
@@ -82,16 +82,16 @@ void nss_init(char *nsswitch_path) {
 				goto done;
 			}
 			if (strlen(token) > 50) {
-				fprintf(stderr, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
-				fprintf(stderr, "Using files\n");
+				fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
+				fprintf(shadow_logfd, "Using files\n");
 				subid_nss = NULL;
 				goto done;
 			}
 			snprintf(libname, 64,  "libsubid_%s.so", token);
 			h = dlopen(libname, RTLD_LAZY);
 			if (!h) {
-				fprintf(stderr, "Error opening %s: %s\n", libname, dlerror());
-				fprintf(stderr, "Using files\n");
+				fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
+				fprintf(shadow_logfd, "Using files\n");
 				subid_nss = NULL;
 				goto done;
 			}
@@ -102,7 +102,7 @@ void nss_init(char *nsswitch_path) {
 			}
 			subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
 			if (!subid_nss->has_range) {
-				fprintf(stderr, "%s did not provide @has_range@\n", libname);
+				fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
@@ -110,7 +110,7 @@ void nss_init(char *nsswitch_path) {
 			}
 			subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
 			if (!subid_nss->list_owner_ranges) {
-				fprintf(stderr, "%s did not provide @list_owner_ranges@\n", libname);
+				fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
@@ -118,7 +118,7 @@ void nss_init(char *nsswitch_path) {
 			}
 			subid_nss->has_any_range = dlsym(h, "shadow_subid_has_any_range");
 			if (!subid_nss->has_any_range) {
-				fprintf(stderr, "%s did not provide @has_any_range@\n", libname);
+				fprintf(shadow_logfd, "%s did not provide @has_any_range@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
@@ -126,7 +126,7 @@ void nss_init(char *nsswitch_path) {
 			}
 			subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
 			if (!subid_nss->find_subid_owners) {
-				fprintf(stderr, "%s did not provide @find_subid_owners@\n", libname);
+				fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
 				dlclose(h);
 				free(subid_nss);
 				subid_nss = NULL;
@@ -135,7 +135,7 @@ void nss_init(char *nsswitch_path) {
 			subid_nss->handle = h;
 			goto done;
 		}
-		fprintf(stderr, "No usable subid NSS module found, using files\n");
+		fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
 		// subid_nss has to be null here, but to ease reviews:
 		free(subid_nss);
 		subid_nss = NULL;
diff -up shadow-4.6/lib/prototypes.h.libsubid_not_print_error_messages shadow-4.6/lib/prototypes.h
--- shadow-4.6/lib/prototypes.h.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/lib/prototypes.h	2021-11-03 09:24:05.683172791 +0100
@@ -59,7 +59,8 @@
 #include "defines.h"
 #include "commonio.h"
 
-extern /*@observer@*/ const char *Prog;
+extern /*@observer@*/ const char *Prog; /* Program name showed in error messages */
+extern FILE *shadow_logfd;  /* file descripter to which error messages are printed */
 
 /* addgrps.c */
 #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
diff -up shadow-4.6/lib/selinux.c.libsubid_not_print_error_messages shadow-4.6/lib/selinux.c
diff -up shadow-4.6/lib/semanage.c.libsubid_not_print_error_messages shadow-4.6/lib/semanage.c
--- shadow-4.6/lib/semanage.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.644172481 +0100
+++ shadow-4.6/lib/semanage.c	2021-11-03 09:24:05.691172854 +0100
@@ -69,7 +69,7 @@ static void semanage_error_callback (unu
 	switch (semanage_msg_get_level (handle)) {
 	case SEMANAGE_MSG_ERR:
 	case SEMANAGE_MSG_WARN:
-		fprintf (stderr, _("[libsemanage]: %s\n"), message);
+		fprintf (shadow_logfd, _("[libsemanage]: %s\n"), message);
 		break;
 	case SEMANAGE_MSG_INFO:
 		/* nop */
@@ -87,7 +87,7 @@ static semanage_handle_t *semanage_init
 
 	handle = semanage_handle_create ();
 	if (NULL == handle) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Cannot create SELinux management handle\n"));
 		return NULL;
 	}
@@ -96,26 +96,26 @@ static semanage_handle_t *semanage_init
 
 	ret = semanage_is_managed (handle);
 	if (ret != 1) {
-		fprintf (stderr, _("SELinux policy not managed\n"));
+		fprintf (shadow_logfd, _("SELinux policy not managed\n"));
 		goto fail;
 	}
 
 	ret = semanage_access_check (handle);
 	if (ret < SEMANAGE_CAN_READ) {
-		fprintf (stderr, _("Cannot read SELinux policy store\n"));
+		fprintf (shadow_logfd, _("Cannot read SELinux policy store\n"));
 		goto fail;
 	}
 
 	ret = semanage_connect (handle);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Cannot establish SELinux management connection\n"));
 		goto fail;
 	}
 
 	ret = semanage_begin_transaction (handle);
 	if (ret != 0) {
-		fprintf (stderr, _("Cannot begin SELinux transaction\n"));
+		fprintf (shadow_logfd, _("Cannot begin SELinux transaction\n"));
 		goto fail;
 	}
 
@@ -137,7 +137,7 @@ static int semanage_user_mod (semanage_h
 
 	semanage_seuser_query (handle, key, &seuser);
 	if (NULL == seuser) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not query seuser for %s\n"), login_name);
 		ret = 1;
 		goto done;
@@ -146,7 +146,7 @@ static int semanage_user_mod (semanage_h
 #if 0
 	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set serange for %s\n"), login_name);
 		ret = 1;
 		goto done;
@@ -155,7 +155,7 @@ static int semanage_user_mod (semanage_h
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set sename for %s\n"),
 		         login_name);
 		ret = 1;
@@ -164,7 +164,7 @@ static int semanage_user_mod (semanage_h
 
 	ret = semanage_seuser_modify_local (handle, key, seuser);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not modify login mapping for %s\n"),
 		         login_name);
 		ret = 1;
@@ -188,7 +188,7 @@ static int semanage_user_add (semanage_h
 
 	ret = semanage_seuser_create (handle, &seuser);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Cannot create SELinux login mapping for %s\n"),
 		         login_name);
 		ret = 1;
@@ -197,7 +197,7 @@ static int semanage_user_add (semanage_h
 
 	ret = semanage_seuser_set_name (handle, seuser, login_name);
 	if (ret != 0) {
-		fprintf (stderr, _("Could not set name for %s\n"), login_name);
+		fprintf (shadow_logfd, _("Could not set name for %s\n"), login_name);
 		ret = 1;
 		goto done;
 	}
@@ -205,7 +205,7 @@ static int semanage_user_add (semanage_h
 #if 0
 	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set serange for %s\n"),
 		         login_name);
 		ret = 1;
@@ -215,7 +215,7 @@ static int semanage_user_add (semanage_h
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set SELinux user for %s\n"),
 		         login_name);
 		ret = 1;
@@ -224,7 +224,7 @@ static int semanage_user_add (semanage_h
 
 	ret = semanage_seuser_modify_local (handle, key, seuser);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not add login mapping for %s\n"),
 		         login_name);
 		ret = 1;
@@ -252,21 +252,21 @@ int set_seuser (const char *login_name,
 
 	handle = semanage_init ();
 	if (NULL == handle) {
-		fprintf (stderr, _("Cannot init SELinux management\n"));
+		fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_key_create (handle, login_name, &key);
 	if (ret != 0) {
-		fprintf (stderr, _("Cannot create SELinux user key\n"));
+		fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_exists (handle, key, &seuser_exists);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot verify the SELinux user\n"));
+		fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
 		ret = 1;
 		goto done;
 	}
@@ -274,7 +274,7 @@ int set_seuser (const char *login_name,
 	if (0 != seuser_exists) {
 		ret = semanage_user_mod (handle, key, login_name, seuser_name);
 		if (ret != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("Cannot modify SELinux user mapping\n"));
 			ret = 1;
 			goto done;
@@ -282,7 +282,7 @@ int set_seuser (const char *login_name,
 	} else {
 		ret = semanage_user_add (handle, key, login_name, seuser_name);
 		if (ret != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("Cannot add SELinux user mapping\n"));
 			ret = 1;
 			goto done;
@@ -291,7 +291,7 @@ int set_seuser (const char *login_name,
 
 	ret = semanage_commit (handle);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot commit SELinux transaction\n"));
+		fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
 		ret = 1;
 		goto done;
 	}
@@ -317,27 +317,27 @@ int del_seuser (const char *login_name)
 
 	handle = semanage_init ();
 	if (NULL == handle) {
-		fprintf (stderr, _("Cannot init SELinux management\n"));
+		fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_key_create (handle, login_name, &key);
 	if (ret != 0) {
-		fprintf (stderr, _("Cannot create SELinux user key\n"));
+		fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_exists (handle, key, &exists);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot verify the SELinux user\n"));
+		fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
 		ret = 1;
 		goto done;
 	}
 
 	if (0 == exists) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Login mapping for %s is not defined, OK if default mapping was used\n"), 
 		         login_name);
 		ret = 0;  /* probably default mapping */
@@ -346,13 +346,13 @@ int del_seuser (const char *login_name)
 
 	ret = semanage_seuser_exists_local (handle, key, &exists);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot verify the SELinux user\n"));
+		fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
 		ret = 1;
 		goto done;
 	}
 
 	if (0 == exists) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Login mapping for %s is defined in policy, cannot be deleted\n"), 
 		         login_name);
 		ret = 0; /* Login mapping defined in policy can't be deleted */
@@ -361,7 +361,7 @@ int del_seuser (const char *login_name)
 
 	ret = semanage_seuser_del_local (handle, key);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not delete login mapping for %s"),
 		         login_name);
 		ret = 1;
@@ -370,7 +370,7 @@ int del_seuser (const char *login_name)
 
 	ret = semanage_commit (handle);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot commit SELinux transaction\n"));
+		fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
 		ret = 1;
 		goto done;
 	}
diff -up shadow-4.6/lib/spawn.c.libsubid_not_print_error_messages shadow-4.6/lib/spawn.c
--- shadow-4.6/lib/spawn.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.660172608 +0100
+++ shadow-4.6/lib/spawn.c	2021-11-03 09:24:05.692172863 +0100
@@ -48,7 +48,7 @@ int run_command (const char *cmd, const
 	}
 
 	(void) fflush (stdout);
-	(void) fflush (stderr);
+	(void) fflush (shadow_logfd);
 
 	pid = fork ();
 	if (0 == pid) {
@@ -57,11 +57,11 @@ int run_command (const char *cmd, const
 		if (ENOENT == errno) {
 			exit (E_CMD_NOTFOUND);
 		}
-		fprintf (stderr, "%s: cannot execute %s: %s\n",
+		fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
 		         Prog, cmd, strerror (errno));
 		exit (E_CMD_NOEXEC);
 	} else if ((pid_t)-1 == pid) {
-		fprintf (stderr, "%s: cannot execute %s: %s\n",
+		fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
 		         Prog, cmd, strerror (errno));
 		return -1;
 	}
@@ -72,7 +72,7 @@ int run_command (const char *cmd, const
 	         || ((pid_t)-1 != wpid && wpid != pid));
 
 	if ((pid_t)-1 == wpid) {
-		fprintf (stderr, "%s: waitpid (status: %d): %s\n",
+		fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n",
 		         Prog, *status, strerror (errno));
 		return -1;
 	}
diff -up shadow-4.6/libsubid/api.c.libsubid_not_print_error_messages shadow-4.6/libsubid/api.c
--- shadow-4.6/libsubid/api.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/libsubid/api.c	2021-11-03 09:24:05.692172863 +0100
@@ -32,12 +32,39 @@
 #include <stdio.h>
 #include <errno.h>
 #include <stdlib.h>
+#include <string.h>
 #include <pwd.h>
 #include <stdbool.h>
 #include "subordinateio.h"
 #include "idmapping.h"
 #include "subid.h"
 
+const char *Prog = "(libsubid)";
+extern FILE * shadow_logfd;
+
+bool libsubid_init(const char *progname, FILE * logfd)
+{
+	if (progname) {
+		progname = strdup(progname);
+		if (progname)
+			Prog = progname;
+		else
+			fprintf(stderr, "Out of memory");
+	}
+
+	if (logfd) {
+		shadow_logfd = logfd;
+		return true;
+	}
+	shadow_logfd = fopen("/dev/null", "w");
+	if (!shadow_logfd) {
+		fprintf(stderr, "ERROR opening /dev/null for error messages.  Using stderr.");
+		shadow_logfd = stderr;
+		return false;
+	}
+	return true;
+}
+
 static
 int get_subid_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges)
 {
diff -up shadow-4.6/libsubid/subid.h.libsubid_not_print_error_messages shadow-4.6/libsubid/subid.h
--- shadow-4.6/libsubid/subid.h.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/libsubid/subid.h	2021-11-03 09:24:05.692172863 +0100
@@ -22,6 +22,22 @@ enum subid_status {
 };
 
 /*
+ * libsubid_init: initialize libsubid
+ *
+ * @progname: Name to display as program.  If NULL, then "(libsubid)" will be
+ *            shown in error messages.
+ * @logfd:    Open file pointer to pass error messages to.  If NULL, then
+ *            /dev/null will be opened and messages will be sent there.  The
+ *            default if libsubid_init() is not called is stderr (2).
+ *
+ * This function does not need to be called.  If not called, then the defaults
+ * will be used.
+ *
+ * Returns false if an error occurred.
+ */
+bool libsubid_init(const char *progname, FILE *logfd);
+
+/*
  * get_subuid_ranges: return a list of UID ranges for a user
  *
  * @owner: username being queried
diff -up shadow-4.6/lib/tcbfuncs.c.libsubid_not_print_error_messages shadow-4.6/lib/tcbfuncs.c
--- shadow-4.6/lib/tcbfuncs.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/tcbfuncs.c	2021-11-03 09:24:05.693172870 +0100
@@ -72,8 +72,8 @@ shadowtcb_status shadowtcb_gain_priv (vo
  * to exit soon.
  */
 #define OUT_OF_MEMORY do { \
-	fprintf (stderr, _("%s: out of memory\n"), Prog); \
-	(void) fflush (stderr); \
+	fprintf (shadow_logfd, _("%s: out of memory\n"), Prog); \
+	(void) fflush (shadow_logfd); \
 } while (false)
 
 /* Returns user's tcb directory path relative to TCB_DIR. */
@@ -116,7 +116,7 @@ static /*@null@*/ char *shadowtcb_path_r
 		return NULL;
 	}
 	if (lstat (path, &st) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, path, strerror (errno));
 		free (path);
@@ -132,7 +132,7 @@ static /*@null@*/ char *shadowtcb_path_r
 		return rval;
 	}
 	if (!S_ISLNK (st.st_mode)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: %s is neither a directory, nor a symlink.\n"),
 		         Prog, path);
 		free (path);
@@ -140,7 +140,7 @@ static /*@null@*/ char *shadowtcb_path_r
 	}
 	ret = readlink (path, link, sizeof (link) - 1);
 	if (-1 == ret) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot read symbolic link %s: %s\n"),
 		         Prog, path, strerror (errno));
 		free (path);
@@ -149,7 +149,7 @@ static /*@null@*/ char *shadowtcb_path_r
 	free (path);
 	if ((size_t)ret >= sizeof(link) - 1) {
 		link[sizeof(link) - 1] = '\0';
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Suspiciously long symlink: %s\n"),
 		         Prog, link);
 		return NULL;
@@ -207,7 +207,7 @@ static shadowtcb_status mkdir_leading (c
 	}
 	ptr = path;
 	if (stat (TCB_DIR, &st) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, TCB_DIR, strerror (errno));
 		goto out_free_path;
@@ -219,19 +219,19 @@ static shadowtcb_status mkdir_leading (c
 			return SHADOWTCB_FAILURE;
 		}
 		if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot create directory %s: %s\n"),
 			         Prog, dir, strerror (errno));
 			goto out_free_dir;
 		}
 		if (chown (dir, 0, st.st_gid) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change owner of %s: %s\n"),
 			         Prog, dir, strerror (errno));
 			goto out_free_dir;
 		}
 		if (chmod (dir, 0711) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change mode of %s: %s\n"),
 			         Prog, dir, strerror (errno));
 			goto out_free_dir;
@@ -261,7 +261,7 @@ static shadowtcb_status unlink_suffs (co
 			return SHADOWTCB_FAILURE;
 		}
 		if ((unlink (tmp) != 0) && (errno != ENOENT)) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: unlink: %s: %s\n"),
 			         Prog, tmp, strerror (errno));
 			free (tmp);
@@ -286,7 +286,7 @@ static shadowtcb_status rmdir_leading (c
 		}
 		if (rmdir (dir) != 0) {
 			if (errno != ENOTEMPTY) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: Cannot remove directory %s: %s\n"),
 				         Prog, dir, strerror (errno));
 				ret = SHADOWTCB_FAILURE;
@@ -315,7 +315,7 @@ static shadowtcb_status move_dir (const
 		goto out_free_nomem;
 	}
 	if (stat (olddir, &oldmode) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, olddir, strerror (errno));
 		goto out_free;
@@ -342,7 +342,7 @@ static shadowtcb_status move_dir (const
 		goto out_free;
 	}
 	if (rename (real_old_dir, real_new_dir) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot rename %s to %s: %s\n"),
 		         Prog, real_old_dir, real_new_dir, strerror (errno));
 		goto out_free;
@@ -351,7 +351,7 @@ static shadowtcb_status move_dir (const
 		goto out_free;
 	}
 	if ((unlink (olddir) != 0) && (errno != ENOENT)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot remove %s: %s\n"),
 		         Prog, olddir, strerror (errno));
 		goto out_free;
@@ -365,7 +365,7 @@ static shadowtcb_status move_dir (const
 	}
 	if (   (strcmp (real_new_dir, newdir) != 0)
 	    && (symlink (real_new_dir_rel, newdir) != 0)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot create symbolic link %s: %s\n"),
 		         Prog, real_new_dir_rel, strerror (errno));
 		goto out_free;
@@ -464,37 +464,37 @@ shadowtcb_status shadowtcb_move (/*@NULL
 		return SHADOWTCB_FAILURE;
 	}
 	if (stat (tcbdir, &dirmode) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
 	}
 	if (chown (tcbdir, 0, 0) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owners of %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
 	}
 	if (chmod (tcbdir, 0700) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
 	}
 	if (lstat (shadow, &filemode) != 0) {
 		if (errno != ENOENT) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot lstat %s: %s\n"),
 			         Prog, shadow, strerror (errno));
 			goto out_free;
 		}
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Warning, user %s has no tcb shadow file.\n"),
 		         Prog, user_newname);
 	} else {
 		if (!S_ISREG (filemode.st_mode) ||
 			filemode.st_nlink != 1) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Emergency: %s's tcb shadow is not a "
 			           "regular file with st_nlink=1.\n"
 			           "The account is left locked.\n"),
@@ -502,13 +502,13 @@ shadowtcb_status shadowtcb_move (/*@NULL
 			goto out_free;
 		}
 		if (chown (shadow, user_newid, filemode.st_gid) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change owner of %s: %s\n"),
 			         Prog, shadow, strerror (errno));
 			goto out_free;
 		}
 		if (chmod (shadow, filemode.st_mode & 07777) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change mode of %s: %s\n"),
 			         Prog, shadow, strerror (errno));
 			goto out_free;
@@ -518,7 +518,7 @@ shadowtcb_status shadowtcb_move (/*@NULL
 		goto out_free;
 	}
 	if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
@@ -543,7 +543,7 @@ shadowtcb_status shadowtcb_create (const
 		return SHADOWTCB_SUCCESS;
 	}
 	if (stat (TCB_DIR, &tcbdir_stat) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, TCB_DIR, strerror (errno));
 		return SHADOWTCB_FAILURE;
@@ -563,39 +563,39 @@ shadowtcb_status shadowtcb_create (const
 		return SHADOWTCB_FAILURE;
 	}
 	if (mkdir (dir, 0700) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: mkdir: %s: %s\n"),
 		         Prog, dir, strerror (errno));
 		goto out_free;
 	}
 	fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600);
 	if (fd < 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot open %s: %s\n"),
 		         Prog, shadow, strerror (errno));
 		goto out_free;
 	}
 	close (fd);
 	if (chown (shadow, 0, authgid) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         Prog, shadow, strerror (errno));
 		goto out_free;
 	}
 	if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         Prog, shadow, strerror (errno));
 		goto out_free;
 	}
 	if (chown (dir, 0, authgid) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         Prog, dir, strerror (errno));
 		goto out_free;
 	}
 	if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         Prog, dir, strerror (errno));
 		goto out_free;
diff -up shadow-4.6/src/chage.c.libsubid_not_print_error_messages shadow-4.6/src/chage.c
--- shadow-4.6/src/chage.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.655172568 +0100
+++ shadow-4.6/src/chage.c	2021-11-03 09:24:05.694172878 +0100
@@ -66,6 +66,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool
     dflg = false,		/* set last password change date */
@@ -806,6 +807,7 @@ int main (int argc, char **argv)
 	 * Get the program name so that error messages can use it.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	sanitize_env ();
 	(void) setlocale (LC_ALL, "");
diff -up shadow-4.6/src/check_subid_range.c.libsubid_not_print_error_messages shadow-4.6/src/check_subid_range.c
--- shadow-4.6/src/check_subid_range.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/src/check_subid_range.c	2021-11-03 09:24:05.694172878 +0100
@@ -18,6 +18,7 @@
 #include "idmapping.h"
 
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 int main(int argc, char **argv)
 {
@@ -25,6 +26,7 @@ int main(int argc, char **argv)
 	unsigned long start, count;
 	bool check_uids;
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	if (argc != 5)
 		exit(1);
diff -up shadow-4.6/src/chfn.c.libsubid_not_print_error_messages shadow-4.6/src/chfn.c
--- shadow-4.6/src/chfn.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/chfn.c	2021-11-03 09:24:05.695172886 +0100
@@ -61,6 +61,7 @@
  * Global variables.
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 static char fullnm[BUFSIZ];
 static char roomno[BUFSIZ];
 static char workph[BUFSIZ];
@@ -639,6 +640,7 @@ int main (int argc, char **argv)
 	 * prefix to most error messages.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	sanitize_env ();
 	(void) setlocale (LC_ALL, "");
diff -up shadow-4.6/src/chgpasswd.c.libsubid_not_print_error_messages shadow-4.6/src/chgpasswd.c
--- shadow-4.6/src/chgpasswd.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/chgpasswd.c	2021-11-03 09:32:53.937617545 +0100
@@ -66,6 +66,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 static bool eflg   = false;
 static bool md5flg = false;
 #ifdef USE_SHA_CRYPT
@@ -466,6 +467,7 @@ int main (int argc, char **argv)
 	int line = 0;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/chpasswd.c.libsubid_not_print_error_messages shadow-4.6/src/chpasswd.c
--- shadow-4.6/src/chpasswd.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/chpasswd.c	2021-11-03 09:33:19.029832153 +0100
@@ -63,6 +63,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 static bool eflg   = false;
 static bool md5flg = false;
 #ifdef USE_SHA_CRYPT
@@ -453,6 +454,7 @@ int main (int argc, char **argv)
 	int line = 0;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/chsh.c.libsubid_not_print_error_messages shadow-4.6/src/chsh.c
--- shadow-4.6/src/chsh.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/chsh.c	2021-11-03 09:24:05.697172902 +0100
@@ -63,6 +63,7 @@
  * Global variables
  */
 const char *Prog;		/* Program name */
+FILE *shadow_logfd = NULL;
 static bool amroot;		/* Real UID is root */
 static char loginsh[BUFSIZ];	/* Name of new login shell */
 /* command line options */
@@ -446,6 +447,7 @@ int main (int argc, char **argv)
 	 * most error messages.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/expiry.c.libsubid_not_print_error_messages shadow-4.6/src/expiry.c
--- shadow-4.6/src/expiry.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/expiry.c	2021-11-03 09:24:05.698172910 +0100
@@ -46,6 +46,7 @@
 
 /* Global variables */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 static bool cflg = false;
 
 /* local function prototypes */
@@ -144,6 +145,7 @@ int main (int argc, char **argv)
 	struct spwd *spwd;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	sanitize_env ();
 
diff -up shadow-4.6/src/faillog.c.libsubid_not_print_error_messages shadow-4.6/src/faillog.c
--- shadow-4.6/src/faillog.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.655172568 +0100
+++ shadow-4.6/src/faillog.c	2021-11-03 09:24:05.698172910 +0100
@@ -62,6 +62,7 @@ static void reset (void);
  * Global variables
  */
 const char *Prog;		/* Program name */
+FILE *shadow_logfd = NULL;
 static FILE *fail;		/* failure file stream */
 static time_t seconds;		/* that number of days in seconds */
 static unsigned long umin;	/* if uflg and has_umin, only display users with uid >= umin */
@@ -573,6 +574,7 @@ int main (int argc, char **argv)
 	 * most error messages.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/free_subid_range.c.libsubid_not_print_error_messages shadow-4.6/src/free_subid_range.c
--- shadow-4.6/src/free_subid_range.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/src/free_subid_range.c	2021-11-03 09:24:05.698172910 +0100
@@ -7,6 +7,7 @@
 /* Test program for the subid freeing routine */
 
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 void usage(void)
 {
@@ -23,6 +24,7 @@ int main(int argc, char *argv[])
 	bool group = false;   // get subuids by default
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	while ((c = getopt(argc, argv, "g")) != EOF) {
 		switch(c) {
 		case 'g': group = true; break;
diff -up shadow-4.6/src/get_subid_owners.c.libsubid_not_print_error_messages shadow-4.6/src/get_subid_owners.c
--- shadow-4.6/src/get_subid_owners.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.678172751 +0100
+++ shadow-4.6/src/get_subid_owners.c	2021-11-03 09:24:05.699172918 +0100
@@ -4,6 +4,7 @@
 #include "prototypes.h"
 
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 void usage(void)
 {
@@ -19,6 +20,7 @@ int main(int argc, char *argv[])
 	uid_t *uids;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	if (argc < 2) {
 		usage();
 	}
diff -up shadow-4.6/src/gpasswd.c.libsubid_not_print_error_messages shadow-4.6/src/gpasswd.c
--- shadow-4.6/src/gpasswd.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/gpasswd.c	2021-11-03 09:24:05.699172918 +0100
@@ -58,6 +58,7 @@
  */
 /* The name of this command, as it is invoked */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 #ifdef SHADOWGRP
 /* Indicate if shadow groups are enabled on the system
@@ -926,6 +927,7 @@ int main (int argc, char **argv)
 	 */
 	bywho = getuid ();
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	OPENLOG ("gpasswd");
 	setbuf (stdout, NULL);
diff -up shadow-4.6/src/groupadd.c.libsubid_not_print_error_messages shadow-4.6/src/groupadd.c
--- shadow-4.6/src/groupadd.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/groupadd.c	2021-11-03 09:24:05.700172926 +0100
@@ -72,6 +72,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static /*@null@*/char *group_name;
 static gid_t group_id;
@@ -582,6 +583,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/groupdel.c.libsubid_not_print_error_messages shadow-4.6/src/groupdel.c
--- shadow-4.6/src/groupdel.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/groupdel.c	2021-11-03 09:24:05.700172926 +0100
@@ -58,6 +58,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static char *group_name;
 static gid_t group_id = -1;
@@ -377,6 +378,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/groupmems.c.libsubid_not_print_error_messages shadow-4.6/src/groupmems.c
--- shadow-4.6/src/groupmems.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/groupmems.c	2021-11-03 09:24:05.701172934 +0100
@@ -65,6 +65,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static char *adduser = NULL;
 static char *deluser = NULL;
@@ -595,6 +596,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/groupmod.c.libsubid_not_print_error_messages shadow-4.6/src/groupmod.c
--- shadow-4.6/src/groupmod.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/groupmod.c	2021-11-03 09:24:05.702172942 +0100
@@ -76,6 +76,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 #ifdef	SHADOWGRP
 static bool is_shadow_grp;
@@ -799,6 +800,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/groups.c.libsubid_not_print_error_messages shadow-4.6/src/groups.c
--- shadow-4.6/src/groups.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/groups.c	2021-11-03 09:24:05.702172942 +0100
@@ -43,6 +43,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 /* local function prototypes */
 static void print_groups (const char *member);
@@ -126,6 +127,7 @@ int main (int argc, char **argv)
 	 * Get the program name so that error messages can use it.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	if (argc == 1) {
 
diff -up shadow-4.6/src/grpck.c.libsubid_not_print_error_messages shadow-4.6/src/grpck.c
--- shadow-4.6/src/grpck.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.662172624 +0100
+++ shadow-4.6/src/grpck.c	2021-11-03 09:24:05.703172950 +0100
@@ -68,6 +68,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static const char *grp_file = GROUP_FILE;
 static bool use_system_grp_file = true;
@@ -836,6 +837,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/grpconv.c.libsubid_not_print_error_messages shadow-4.6/src/grpconv.c
--- shadow-4.6/src/grpconv.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/grpconv.c	2021-11-03 09:24:05.703172950 +0100
@@ -59,6 +59,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool gr_locked  = false;
 static bool sgr_locked = false;
@@ -146,6 +147,7 @@ int main (int argc, char **argv)
 	struct sgrp sgent;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/grpunconv.c.libsubid_not_print_error_messages shadow-4.6/src/grpunconv.c
--- shadow-4.6/src/grpunconv.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/grpunconv.c	2021-11-03 09:24:05.704172958 +0100
@@ -59,6 +59,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool gr_locked  = false;
 static bool sgr_locked = false;
@@ -145,6 +146,7 @@ int main (int argc, char **argv)
 	const struct sgrp *sg;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/lastlog.c.libsubid_not_print_error_messages shadow-4.6/src/lastlog.c
--- shadow-4.6/src/lastlog.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.655172568 +0100
+++ shadow-4.6/src/lastlog.c	2021-11-03 09:24:05.704172958 +0100
@@ -58,6 +58,7 @@
  * Global variables
  */
 const char *Prog;		/* Program name */
+FILE *shadow_logfd = NULL;
 static FILE *lastlogfile;	/* lastlog file stream */
 static unsigned long umin;	/* if uflg and has_umin, only display users with uid >= umin */
 static bool has_umin = false;
@@ -283,6 +284,7 @@ int main (int argc, char **argv)
 	 * most error messages.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/list_subid_ranges.c.libsubid_not_print_error_messages shadow-4.6/src/list_subid_ranges.c
--- shadow-4.6/src/list_subid_ranges.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.679172759 +0100
+++ shadow-4.6/src/list_subid_ranges.c	2021-11-03 09:24:05.704172958 +0100
@@ -4,6 +4,7 @@
 #include "prototypes.h"
 
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 void usage(void)
 {
@@ -19,6 +20,7 @@ int main(int argc, char *argv[])
 	struct subordinate_range **ranges;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	if (argc < 2) {
 		usage();
 	}
diff -up shadow-4.6/src/login.c.libsubid_not_print_error_messages shadow-4.6/src/login.c
--- shadow-4.6/src/login.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/login.c	2021-11-03 09:24:05.705172966 +0100
@@ -83,6 +83,7 @@ static pam_handle_t *pamh = NULL;
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static const char *hostname = "";
 static /*@null@*/ /*@only@*/char *username = NULL;
@@ -562,6 +563,7 @@ int main (int argc, char **argv)
 
 	amroot = (getuid () == 0);
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	if (geteuid() != 0) {
 		fprintf (stderr, _("%s: Cannot possibly work without effective root\n"), Prog);
diff -up shadow-4.6/src/logoutd.c.libsubid_not_print_error_messages shadow-4.6/src/logoutd.c
--- shadow-4.6/src/logoutd.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/logoutd.c	2021-11-03 09:24:05.706172974 +0100
@@ -44,6 +44,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 #ifndef DEFAULT_HUP_MESG
 #define DEFAULT_HUP_MESG _("login time exceeded\n\n")
@@ -187,6 +188,7 @@ int main (int argc, char **argv)
 	 * Start syslogging everything
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	OPENLOG ("logoutd");
 
diff -up shadow-4.6/src/newgidmap.c.libsubid_not_print_error_messages shadow-4.6/src/newgidmap.c
--- shadow-4.6/src/newgidmap.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/newgidmap.c	2021-11-03 09:24:05.706172974 +0100
@@ -45,6 +45,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 
 static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
@@ -175,6 +176,7 @@ int main(int argc, char **argv)
 	bool allow_setgroups = false;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	/*
 	 * The valid syntax are
diff -up shadow-4.6/src/newgrp.c.libsubid_not_print_error_messages shadow-4.6/src/newgrp.c
--- shadow-4.6/src/newgrp.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.650172528 +0100
+++ shadow-4.6/src/newgrp.c	2021-11-03 09:24:05.707172982 +0100
@@ -49,6 +49,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 extern char **newenvp;
 extern char **environ;
@@ -443,6 +444,7 @@ int main (int argc, char **argv)
 	 * don't need to re-exec anything.  -- JWP
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	is_newgrp = (strcmp (Prog, "newgrp") == 0);
 	OPENLOG (is_newgrp ? "newgrp" : "sg");
 	gid = getgid ();
diff -up shadow-4.6/src/new_subid_range.c.libsubid_not_print_error_messages shadow-4.6/src/new_subid_range.c
--- shadow-4.6/src/new_subid_range.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.679172759 +0100
+++ shadow-4.6/src/new_subid_range.c	2021-11-03 09:24:05.707172982 +0100
@@ -7,6 +7,7 @@
 /* Test program for the subid creation routine */
 
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 void usage(void)
 {
@@ -26,6 +27,7 @@ int main(int argc, char *argv[])
 	bool ok;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	while ((c = getopt(argc, argv, "gn")) != EOF) {
 		switch(c) {
 		case 'n': makenew = true; break;
diff -up shadow-4.6/src/newuidmap.c.libsubid_not_print_error_messages shadow-4.6/src/newuidmap.c
--- shadow-4.6/src/newuidmap.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/newuidmap.c	2021-11-03 09:24:05.707172982 +0100
@@ -45,6 +45,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool verify_range(struct passwd *pw, struct map_range *range)
 {
@@ -105,6 +106,7 @@ int main(int argc, char **argv)
 	int written;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	/*
 	 * The valid syntax are
diff -up shadow-4.6/src/newusers.c.libsubid_not_print_error_messages shadow-4.6/src/newusers.c
--- shadow-4.6/src/newusers.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.670172687 +0100
+++ shadow-4.6/src/newusers.c	2021-11-03 09:24:05.708172990 +0100
@@ -75,6 +75,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool rflg = false;	/* create a system account */
 #ifndef USE_PAM
@@ -970,6 +971,7 @@ int main (int argc, char **argv)
 #endif				/* USE_PAM */
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/passwd.c.libsubid_not_print_error_messages shadow-4.6/src/passwd.c
--- shadow-4.6/src/passwd.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/passwd.c	2021-11-03 09:24:05.709172998 +0100
@@ -72,6 +72,7 @@
  * Global variables
  */
 const char *Prog;		/* Program name */
+FILE *shadow_logfd = NULL;
 
 static char *name;		/* The name of user whose password is being changed */
 static char *myname;		/* The current user's name */
@@ -808,6 +809,7 @@ int main (int argc, char **argv)
 	 * most error messages.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/pwck.c.libsubid_not_print_error_messages shadow-4.6/src/pwck.c
--- shadow-4.6/src/pwck.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/pwck.c	2021-11-03 09:24:05.709172998 +0100
@@ -70,6 +70,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool use_system_pw_file = true;
 static bool use_system_spw_file = true;
diff -up shadow-4.6/src/pwconv.c.libsubid_not_print_error_messages shadow-4.6/src/pwconv.c
--- shadow-4.6/src/pwconv.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/pwconv.c	2021-11-03 09:24:05.709172998 +0100
@@ -89,6 +89,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool spw_locked = false;
 static bool pw_locked = false;
@@ -176,6 +177,7 @@ int main (int argc, char **argv)
 	struct spwd spent;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/pwunconv.c.libsubid_not_print_error_messages shadow-4.6/src/pwunconv.c
--- shadow-4.6/src/pwunconv.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/pwunconv.c	2021-11-03 09:24:05.710173006 +0100
@@ -53,6 +53,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static bool spw_locked = false;
 static bool pw_locked = false;
@@ -137,6 +138,7 @@ int main (int argc, char **argv)
 	const struct spwd *spwd;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/su.c.libsubid_not_print_error_messages shadow-4.6/src/su.c
--- shadow-4.6/src/su.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/su.c	2021-11-03 09:24:05.710173006 +0100
@@ -82,6 +82,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 static /*@observer@*/const char *caller_tty = NULL;	/* Name of tty SU is run from */
 static bool caller_is_root = false;
 static uid_t caller_uid;
@@ -699,6 +700,7 @@ static void save_caller_context (char **
 	 * most error messages.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	caller_uid = getuid ();
 	caller_is_root = (caller_uid == 0);
diff -up shadow-4.6/src/sulogin.c.libsubid_not_print_error_messages shadow-4.6/src/sulogin.c
--- shadow-4.6/src/sulogin.c.libsubid_not_print_error_messages	2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/sulogin.c	2021-11-03 09:24:05.710173006 +0100
@@ -50,6 +50,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static char name[BUFSIZ];
 static char pass[BUFSIZ];
@@ -106,6 +107,7 @@ static RETSIGTYPE catch_signals (unused
 #endif
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
diff -up shadow-4.6/src/useradd.c.libsubid_not_print_error_messages shadow-4.6/src/useradd.c
--- shadow-4.6/src/useradd.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.672172703 +0100
+++ shadow-4.6/src/useradd.c	2021-11-03 09:24:05.711173014 +0100
@@ -92,6 +92,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 /*
  * These defaults are used if there is no defaults file.
@@ -2176,6 +2177,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/userdel.c.libsubid_not_print_error_messages shadow-4.6/src/userdel.c
--- shadow-4.6/src/userdel.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.663172632 +0100
+++ shadow-4.6/src/userdel.c	2021-11-03 09:24:05.712173022 +0100
@@ -89,6 +89,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static char *user_name;
 static uid_t user_id;
@@ -939,6 +940,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
diff -up shadow-4.6/src/usermod.c.libsubid_not_print_error_messages shadow-4.6/src/usermod.c
--- shadow-4.6/src/usermod.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.674172719 +0100
+++ shadow-4.6/src/usermod.c	2021-11-03 09:24:05.712173022 +0100
@@ -102,6 +102,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static char *user_name;
 static char *user_newname;
@@ -2125,6 +2126,7 @@ int main (int argc, char **argv)
 	 * Get my name so that I can use it to report errors.
 	 */
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff -up shadow-4.6/src/vipw.c.libsubid_not_print_error_messages shadow-4.6/src/vipw.c
--- shadow-4.6/src/vipw.c.libsubid_not_print_error_messages	2021-11-03 09:24:05.664172640 +0100
+++ shadow-4.6/src/vipw.c	2021-11-03 09:24:05.713173030 +0100
@@ -63,6 +63,7 @@
  * Global variables
  */
 const char *Prog;
+FILE *shadow_logfd = NULL;
 
 static const char *filename, *fileeditname;
 static bool filelocked = false;
@@ -438,6 +439,7 @@ int main (int argc, char **argv)
 	bool do_vipw;
 
 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
 
 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);