---
title: "AP Cybersecurity Command Line Guide: chmod, openssl, Hashing"
description: "Practice AP Cybersecurity command-line tasks. Learn chmod, openssl, hashing, ls -l, and getfacl so you can read and write proper commands on the exam."
canonical: "https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E"
type: "study-guide"
subject: "AP Cybersecurity"
unit: "Cybersecurity Technical Skills"
lastUpdated: "2026-06-18"
---

# AP Cybersecurity Command Line Guide: chmod, openssl, Hashing

## Summary

Practice AP Cybersecurity command-line tasks. Learn chmod, openssl, hashing, ls -l, and getfacl so you can read and write proper commands on the exam.

## Guide

This guide collects the command-line patterns you may need to read or write on the [AP Cybersecurity Exam](/ap-cybersecurity/ap-cybersecurity-exam "fv-autolink"). When a free-response task uses the verb Write, you must express in print form a proper command that produces the indicated effect, so knowing exact syntax matters.

These commands map directly to defensive tasks from Units 4 and 5: setting file permissions, encrypting and decrypting data, generating keys, and verifying file [integrity](/ap-cybersecurity/key-terms/integrity "fv-autolink") with hashes. You will also need to read command output as evidence when analyzing a device.

## Where Commands Show Up on the Exam

The Section II Device Security Analysis question gives you several sources from one device, such as file-system permissions, [firewall](/ap-cybersecurity/key-terms/firewall "fv-autolink") configurations, and [log files](/ap-cybersecurity/unit-3/detecting-network-attacks/study-guide/5kYH3dgJpqFp57SUnjEX "fv-autolink"). You analyze those sources to identify security issues and describe how permission or configuration changes affect users and the device.

Skill Categories 2 and 3 are assessed in the FRQ, which means you focus on mitigating [risk](/ap-cybersecurity/key-terms/risk "fv-autolink") and detecting attacks. Multiple-choice items also include technical artifacts like file-permission strings and hashing function outputs, so you need to read these fluently.

The Write task verb is the one that requires you to produce a command yourself. The other verbs (Identify, Explain, Describe, Determine) ask you to analyze sources and reason in prose.

## Reading File Permissions with ls -l

Before you change permissions, you need to read them. The `ls -l` command lists files in long format and shows the permission string for each one.

```
$ ls -l
-rwxr-xr-  1 root  randd   4096  research.txt

drwxrwx--  2 lead  randd   4096  Formula

```

Read the permission string from left to right. The first character is the file type: `-` for a regular file, `d` for a directory. The next nine characters are three groups of three: owner, group, and others.

| Symbol | Meaning |
|:--|:--|
| `r` | read |
| `w` | write |
| `x` | execute |
| `-` | permission not granted |

So `-rwxr-xr--` means the owner has read, write, and execute, the group has read and execute, and others have read only. That maps to the octal value `754`.

## Changing Permissions with chmod

The `chmod` command changes file or directory permissions. You can use octal numbers or symbolic notation, and the AP scenarios often describe access in terms of who gets read, write, and execute.

Each permission has a value: read is `4`, write is `2`, and execute is `1`. Add them per group to build each digit.

| Access described | Octal digit |
|:--|:--|
| read, write, execute | 7 |
| read, execute | 5 |
| read only | 4 |
| no access | 0 |

For a worked example, take Scenario 5A's `/RandD/Formula` directory: the head researcher (owner) gets read, write, execute; the R&D team (group) gets read and execute; everyone else gets no access. That is `7` for owner, `5` for group, `0` for others.

```
$ chmod 750 /RandD/Formula
```

Symbolic notation works too when you only want to adjust one group. For example, `chmod g+x file.sh` adds execute for the group without touching other permissions.

When you write a `chmod` command on the exam, translate the described access into the correct digits and confirm the path matches the source. A common slip is reversing group and others.

## Viewing Detailed Permissions with getfacl

Standard permissions only cover one owner, one group, and others. When a system uses [access control](/ap-cybersecurity/key-terms/access-control "fv-autolink") lists for finer-grained [control](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh "fv-autolink"), `getfacl` displays the full list of named users and groups with their permissions.

```
$ getfacl /RandD/Research
## file: RandD/Research
## owner: lead
## group: randd
user::rwx
group::r-x
other::--
```

Use `getfacl` to read what access exists, then reason about whether it matches the [security policy](/ap-cybersecurity/key-terms/security-policy "fv-autolink"). If a source shows `other::--`, users outside the owner and group have no access, which supports [confidentiality](/ap-cybersecurity/key-terms/confidentiality "fv-autolink") goals.

## Verifying File Integrity with Hashing Commands

Hashing helps you detect whether a file has been altered, which is learning objective 5.6.D. A [hash](/ap-cybersecurity/key-terms/hash "fv-autolink") function produces a fixed-length digest; if even one byte changes, the digest changes.

Common commands compute a file's hash so you can compare it to a known-good value.

```
$ sha256sum research.txt
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08  research.txt
```

To verify integrity, compute the hash and compare it to the expected digest. If they match, the file is unaltered. If they differ, the file changed, which is an [indicator of compromise](/ap-cybersecurity/key-terms/indicator-of-compromise "fv-autolink") worth reporting.

You can also use `openssl` to produce a digest:

```
$ openssl dgst -sha256 research.txt
```

When you read hashing output on the exam, remember that hashes verify integrity, not confidentiality. A matching hash tells you the file was not changed, but it does not [encrypt](/ap-cybersecurity/unit-5/asymmetric-cryptography/study-guide/VwtcdE1OgUXoQu0fiDG2 "fv-autolink") anything.

## Encrypting and Decrypting with openssl

The `openssl` tool also handles [symmetric encryption](/ap-cybersecurity/key-terms/symmetric-encryption "fv-autolink"), which protects the confidentiality of stored data (objective 5.3.B). Symmetric encryption uses the same key to encrypt and decrypt.

To encrypt a file with a symmetric cipher:

```
$ openssl enc -aes-256-cbc -in secret.txt -out secret.enc
```

To decrypt, add the `-d` flag and reverse the input and output:

```
$ openssl enc -d -aes-256-cbc -in secret.enc -out secret.txt
```

The `-in` flag names the source file and `-out` names the destination. The cipher name, such as `aes-256-cbc`, must stay the same for both [encryption](/ap-cybersecurity/key-terms/encryption "fv-autolink") and [decryption](/ap-cybersecurity/key-terms/decryption "fv-autolink").

## Generating Asymmetric Keys

[Unit 5](/ap-cybersecurity/unit-5 "fv-autolink") Scenario 5B has you generate an asymmetric key pair so two parties can communicate securely. Asymmetric cryptography uses a [public key](/ap-cybersecurity/key-terms/public-key "fv-autolink") to encrypt and a matching private key to decrypt.

You can generate a key pair with `openssl`:

```
$ openssl genrsa -out private_key.pem 2048
$ openssl rsa -in private_key.pem -pubout -out public_key.pem
```

The number `2048` is the key length in bits. Longer keys are harder to break, which is why key length impacts security (objective 5.4.B).

Remember the rule for asymmetric keys: you share your public key freely, and you keep your private key secret. To send someone an [encrypted](/ap-cybersecurity/unit-1/best-practices-for-public-networks/study-guide/nli0fCFfA8OIiMHEGsBP "fv-autolink") message, you use their public key; they decrypt with their private key.

## Command Quick Reference

| Command | Use | Effect to expect |
|:--|:--|:--|
| `ls -l` | List files in long format | Shows permission strings, owner, group |
| `chmod 750 path` | Set permissions | Owner rwx, group r-x, others none |
| `getfacl path` | View access control list | Lists named users and groups with permissions |
| `sha256sum file` | Hash a file | Prints digest to compare for integrity |
| `openssl dgst -sha256 file` | Hash a file | Prints digest using openssl |
| `openssl enc -aes-256-cbc` | Symmetric encrypt/decrypt | Encrypts or decrypts a file with a shared key |
| `openssl genrsa` | Generate private key | Creates an asymmetric private key |

## Common Mistakes to Avoid

Do not reverse the permission groups. The order is always owner, then group, then others, so `chmod 740` gives the group read only, not full access.

Do not confuse hashing with encryption. Hashing verifies integrity and is one-way; encryption protects confidentiality and is reversible with the right key. Saying you will hash a file to keep it secret is a conceptual error.

Do not mix up the asymmetric keys. Encrypt with the recipient's public key and decrypt with the matching private key, and never share a private key. Mixing these up breaks the whole scenario.

When decrypting with `openssl`, remember the `-d` flag and keep the same cipher you used to encrypt. Leaving out `-d` or changing the cipher means the command will not produce the indicated effect.

Finally, match the exact file path from the source. A correct command pointed at the wrong directory will not earn the indicated effect, so copy paths carefully from the provided sources.

## FAQs

### What does the Write task verb mean on the AP Cybersecurity Exam?

Write means you express in print form a proper command that has the indicated effect. You produce the actual command, such as a chmod or openssl statement, with correct syntax and the right file path so it accomplishes the described task.

### How do I read a Linux file-permission string like -rwxr-xr--?

Read it left to right. The first character is the file type, where - is a file and d is a directory. The next nine characters are three groups of three for owner, group, and others, where r is read, w is write, x is execute, and - means the permission is not granted. So -rwxr-xr-- equals octal 754.

### What is the difference between hashing and encryption in AP Cybersecurity?

Hashing produces a fixed-length digest to verify integrity and is one-way, so you compare hashes to detect whether a file was altered. Encryption protects confidentiality and is reversible with the correct key. Use sha256sum or openssl dgst to hash, and openssl enc to encrypt or decrypt.

### Which key do I use to send an encrypted message with asymmetric cryptography?

Encrypt with the recipient's public key, and they decrypt with their matching private key. You share public keys freely but keep private keys secret. Longer key lengths, like 2048 bits, are harder to break, which is why key length affects security.

## Structured Data

```json
{"@context":"https://schema.org","@type":"FAQPage","inLanguage":"en","mainEntity":[{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E#what-does-the-write-task-verb-mean-on-the-ap-cybersecurity-exam","name":"What does the Write task verb mean on the AP Cybersecurity Exam?","acceptedAnswer":{"@type":"Answer","text":"Write means you express in print form a proper command that has the indicated effect. You produce the actual command, such as a chmod or openssl statement, with correct syntax and the right file path so it accomplishes the described task."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E#how-do-i-read-a-linux-file-permission-string-like-rwxr-xr-","name":"How do I read a Linux file-permission string like -rwxr-xr--?","acceptedAnswer":{"@type":"Answer","text":"Read it left to right. The first character is the file type, where - is a file and d is a directory. The next nine characters are three groups of three for owner, group, and others, where r is read, w is write, x is execute, and - means the permission is not granted. So -rwxr-xr-- equals octal 754."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E#what-is-the-difference-between-hashing-and-encryption-in-ap-cybersecurity","name":"What is the difference between hashing and encryption in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"Hashing produces a fixed-length digest to verify integrity and is one-way, so you compare hashes to detect whether a file was altered. Encryption protects confidentiality and is reversible with the correct key. Use sha256sum or openssl dgst to hash, and openssl enc to encrypt or decrypt."}},{"@type":"Question","@id":"https://fiveable.me/ap-cybersecurity/cybersecurity-technical-skills/ap-cybersecurity-command-line-guide/study-guide/eY4okE2ColzkVRURBK7E#which-key-do-i-use-to-send-an-encrypted-message-with-asymmetric-cryptography","name":"Which key do I use to send an encrypted message with asymmetric cryptography?","acceptedAnswer":{"@type":"Answer","text":"Encrypt with the recipient's public key, and they decrypt with their matching private key. You share public keys freely but keep private keys secret. Longer key lengths, like 2048 bits, are harder to break, which is why key length affects security."}}]}
```
