Difference between su -c and runuser -l -c

I need to run some command lines as particular user in a shell script.

I've found (at least) two way:

su user -c 'command'

runuser -l user -c 'command'

Is there a significant difference between this two commands?


As already written in question comments, runuser is basically a su that doesn't use the PAM stack.

To provide a little more detail, as per blog post of Dan Walsh - one of runuser authors - it seems that runuser is actually compiled from su sources except with the PAM stack excluded from compilation. The difference is that using runuser instead of su can prevent some SELinux errors. That post also says this:

Whenever an service is running as root and wants to change UID using the shell it should use runuser.

When you are logged in to a shell as a user and want to become root, you should use su. (Or better yet sudo)