When a user goes to a web address, they see
Code:
http://subdomain.domain/path_to_something
They can modify or go to anything they want by replacing "path_to_something" (either directly or when directed there by an embedded html image or a link). When they do, it translates to /var/www/path_to_something on your machine (or wherever the Apache root is located).
When you stick a file:// directive, that sends them to:
Code:
http://subdomain.domain/file:///home/username/Desktop/Image.jpg
Which then translates into:
Code:
/var/www/file:///home/username/Desktop/Image.jpg
Which is of course nonsense.
Everything works on relative locations in Apache (or if it's absolute, it must be an absolute WEB address, not an absolute location on your filesystem). You could symlink the file into /var/www so that it will be accessible, but you can't go throwing arbitrary locations on your filesystem into html pages. If you could, it would be a MASSIVE security risk. If somebody could access
Code:
http://subdomain.domain/file:///home/username/Desktop/Image.jpg
what would keep them from accessing
Code:
http://subdomain.domain/file:///etc/passwd
or your network configuration, or share names, or hostnames of other machines on your network. Just by sticking a "file://" directive in the web address they could have nearly limitless access to your local filesystem.
You can think of the Apache root like a chroot jail for web users. They can only access what's inside that directory. As far as they're concerned, that's the root of the filesystem, there are no higher level or sister directories, only files and subdirectories within /var/www/.