One option would be to run a daemon that has the privileges that are needed, and communicate with it via Unix sockets. That way the Apache user only has the privileges it needs, and the daemon the ones it needs.