As it happens that isn't a XAMPP issue, its an Apache design choice. I am unsure if it can be circumvented without doing more research.
ONLY 'root' can start Apache. Because under Unix/Linux a process has the rights of its owner, Apache deliberately de-escalates the ownership to prevent the webserver from becoming an attack vector. Presumably, to prevent users from doing exactly what you describe -- using system files.
Here's the relevant documentation, I'm unsure if you can delegate 'root' to be the de-escalated user.http://httpd.apache.org/docs/current/mi ... _tips.html