Terminology

In this answer:

• normaluser is a normal user who is not an administrator and cannot run commands as root with sudo.
• admin is an administrator who can run commands as root with sudo. (Of course, any graphical commands should use a graphical frontend like gksu/gksudo, and not sudo directly.)
• anyapplication is the name of the graphical application normaluser wants to run as root. normaluser knows admin's password and has (presumably) been told s/he may use it for this purpose.

The Problem

The cause of your problem, and the reason most of the other answers so far don't work (with the exception of Marty Fried's excellent answer), is:

• gksu can be configured to use either sudo or su as its backend. The default behavior of gksu in Ubuntu is to act as a frontend for sudo, not for su. That is to say that, by default, gksu and gksudo behave exactly the same. See the manpage.
• normaluser is not an administrator and thus cannot run commands as root with sudo. sudo prompts for the password of the user running it, not the password of the user they want to become. Not being able to use your password to perform actions as people who aren't you is what it means to not be an administrator.
• normaluser, provided it is not a Guest account, can run commands as another user with su, putting in the other user's password. But gksu acts as a frontend for sudo, not su.
• normaluser cannot directly run any command as root, because normaluser cannot use sudo, and nobody can become root with su because there is no root password.

The Solution

The solution requires writing a command that performs two authentication steps:

• normaluser must become admin to run a graphical command. To do this, normaluser must run gksu with the -w flag to make it run in su-mode instead of the default sudo-mode, and the -u flag to run the command as admin instead of root.
• The command run as admin must invoke gksu without the -w flag to use sudo to become root.

Here's the command (yes, I have tested it ;-)):

gksu -w -u admin gksu anyapplication

You will be prompted for a password twice:

1. First, you must enter admin's password, to let normaluser run a command as admin with the su backend.
2. Second, you must enter admin's password, to let admin run a command as root with the sudo backend.

That's right. You enter admin's password twice.

Miscellaneous notes:

• If you wish, you can replace the second gksu with gksudo to make it less confusing. In Ubuntu, they are equivalent. (You can also replace the first gksu with gksudo, but that would be extremely counterintuitive and confusing.)
• -w is the short form of --su-mode.
• -S is the short form of --sudo-mode but neither has to be used because sudo-mode is the default.
• You may want to test this with some pretty harmless command first, to make sure it does what you want. (It will, but there's no need for you to trust me on that.) For example:

  gksu -w -u admin gksu xclock

  xclock is a nice simple clock-window application.

One way that will probably work is to use "sux" rather than "su" when you first switch to the admin user. sux fixes the problem of running x applications from the spoofed user. It is in the standard repo, and can be installed by entering sudo apt-get install sux at a commandline.

Then, just use "sux" instead of "su" and it should work the way you expect.

Lets reuse the example of the application xclock:

sux admin
gksu xclock

PAM can take care of it

This works for me on Ubuntu 16.04 (edit: it works too on 18.04 LTS):

put the line:

session optional pam_xauth.so

somewhere in:

/etc/pam.d/su

and/or

/etc/pam.d/sudo

and then doing "su -" or "sudo su -" I can use graphical apps as root.

pkexec

There is an ubiquitous alternative to kdesudo and gksu - pkexec which is from policykit-1 package that is required by lots of packages.

For me worked this:

pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY yourcommand commandoption1 commandoption2

Here you have to replace the yourcommand commandoption1 commandoption2 part with real command and it's args

In Lubuntu, there's a tool called lxqt-sudo. It's in the official repositories. It works!

lxqt-sudo/groovy, now 0.15.0-0ubuntu1 amd64, is a Graphical Qt frontend for plain sudo.

https://packages.ubuntu.com/focal/lxqt-sudo

Instead of

su admin
gksu anyapplication ...

I suggest you to try gksu -u admin anyapplication, where you do everything using the gksu command itself. Also please make note that you have to enter the password of the user mentioned in the command, ie, in this case you have to enter admin's password.

I would typically use the following logic in my scripts so that they will always request privilege escalation themselves using the appropriate method:

load_function_library

if [[ ${UID} -eq 0 ]] ; then
    # Execute only in the case of elevated privileges:
    if hash dialog ; then
        if ( dialog --backtitle "$( basename $0 )" --title "${BRAND} tools updater: NOTICE!" --yesno "\nMay I update the ${BRAND} OEM tools on your system now?" 20 80 ) ; then
            clear && do_update
        else
            clear && exit
        fi
    else
        echo -e $YELLOW
        echo "Hello $SUDO_USER ... I am going to update the OEM tools now..."
        echo "To cancel this, just close the terminal or press "CRTL C"."
        echo " "
        read -p "Press [ ENTER ] to continue with update"
        echo -e $ENDCOLOR
        do_update
    fi
else
    # If privileges are not elevated; then request elevation using the appropriate method:
    if echo $(systemctl get-default ) |grep graphical ; then pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $0 ; else ensure_admin ; fi
    exit
fi

You can use sudo with GUI using the options -sE, as follows:

sudo -sE GUI_CMD

For example, if you want to run nemo as root:

sudo -sE nemo

Here's the command to accomplish this.

gksu app-name

Run it without running su first. You only need to run the above command from a normal user session and the application will be run as root.