For me setting a=rwxt and then using samba to control access is not a good idea as my users can also login to the server via ssh and manipulate the files that way.
If you want to have a directory that all users can access, this is how it is usually done for writable/global directories. I would recommend using "AllowUsers" in /etc/ssh/sshd_config in any event. Only the user or users listed will be able to log into ssh then. This will also deny system user log in attempts, which is what script kiddies try. If you want two particular users out of many to have access to this directory, a normal control mechanism is using groups. If you have other users, then perhaps you are right and allowing "other" access wouldn't be a good idea. For a globally writable directory (or share), such as /tmp, those are the permissions you want.
As an aside, shares meant for mass storage probably should be mounted on their own partition and the "noexec", "nodev" options should be used. This only stops a little, but is standard practice. Especially if a user mistakenly (or stupidly on purpose) has the current directory in their path. Another evil user could in this case create an evil "ls" or "cd" wrapper which
good user might run while in the directory.
Could you post the permissions from "ls -l" and getfacl. At first the directory was owned by khj, and now by root. I'd like to get the correct current infomation.
Also the permissions of the /shares directory. If shares is root.root & rwxrwx---, then a user may not get access to files inside /shares/pictures/ regardless of the permissions of the files.
Try to verify that each user, kjh & rmj can access files as you want on the server directly before looking at Samba.
If you post back, for convenience, please post results inside code blocks to make them more readable, and disable smilies. Thanks.