diff --git a/tasks/sudoers.yml b/tasks/sudoers.yml
index 98ec62b..47e5524 100644
--- a/tasks/sudoers.yml
+++ b/tasks/sudoers.yml
@@ -13,3 +13,12 @@
     - regexp: '^{{user.name}}\s'
       line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
   become: True
+
+- name: change secure path
+  replace:
+    path: "/etc/sudoers"
+    regexp: ^Defaults\s*secure_path.*
+    replace: Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
+    validate: 'visudo -cf "%s"'
+  become: true
+